CVE-2013-6815

2013-11-1919:00:00

mitre

www.cve.org

6.7 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.7%

JSON

The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.

References

scn.sap.com/docs/DOC-8218

secunia.com/advisories/55620

erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe/

service.sap.com/sap/support/notes/1890819