Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2016-4014
HistoryApr 14, 2016 - 2:59 p.m.

CVE-2016-4014

2016-04-1414:59:09
mitre
web.nvd.nist.gov
24
cve-2016-4014
xxe
uddi
sap
netweaver
java
as 7.4
denial of service
dtd
nvd
security vulnerability

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score

8.1

Confidence

High

EPSS

0.013

Percentile

86.0%

JSON

XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.

Affected configurations

Nvd
Node
sapnetweaverMatch7.4java_as
VendorProductVersionCPE
sapnetweaver7.4cpe:2.3:a:sap:netweaver:7.4:*:*:*:java_as:*:*:*

Related

cvelist 1
packetstorm 1
prion 1
erpscan 1
nvd 1
cvelist
cvelist
CVE-2016-4014
2016-04-14 14:00:00
packetstorm
packetstorm
SAP NetWeaver AS JAVA 7.4 XXE Injection
2016-07-14 00:00:00
prion
prion
Xxe
2016-04-14 14:59:00
erpscan
erpscan
SAP NetWeaver JAVA AS UDDI component - XXE vulnerability
2015-10-20 00:00:00
nvd
nvd
CVE-2016-4014
2016-04-14 14:59:09

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score

8.1

Confidence

High

EPSS

0.013

Percentile

86.0%

JSON
Related for CVE-2016-4014
cvelist1packetstorm1prion1erpscan1nvd1