ID
VAR-201210-0726
TITLE
SAP NetWeaver Process Integration XML External Entity Information Disclosure Vulnerability
Trust: 0.3
sources:
BID: 56316
DESCRIPTION
SAP NetWeaver Process Integration is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks.
Trust: 0.3
sources:
BID: 56316
AFFECTED PRODUCTS
| vendor: | sap | model: | netweaver process integration | scope: | eq | version: | 7.0 | Trust: 0.3 |
sources:
BID: 56316
THREAT TYPE
network
Trust: 0.3
sources:
BID: 56316
TYPE
Design Error
Trust: 0.3
sources:
BID: 56316
EXTERNAL IDS
| db: | BID | id: | 56316 | Trust: 0.3 |
sources:
BID: 56316
REFERENCES
| url: | http://help.sap.com/saphelp_nw04/helpdata/en/20/68a72acfb61f4a9dfefa1901e8c3b6/content.htm | Trust: 0.3 |
| url: | https://service.sap.com/sap/support/notes/1723641 | Trust: 0.3 |
| url: | http://www.sap.com/platform/netweaver/index.epx | Trust: 0.3 |
| url: | http://erpscan.com/advisories/dsecrg-12-038-sap-netweaver-pi-sdk-xxe-and-xxe-tunneling/ | Trust: 0.3 |
sources:
BID: 56316
CREDITS
Alexander Polyakov, Alexey Tyurin, and Alexandr Minozhenko of ERPScan.
Trust: 0.3
sources:
BID: 56316
SOURCES
| db: | BID | id: | 56316 |
LAST UPDATE DATE
2022-05-17T02:00:08.363000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 56316 | date: | 2012-10-22T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 56316 | date: | 2012-10-22T00:00:00 |