Details of VAR-201704-1646

ID

VAR-201704-1646

TITLE

SAP Composite Application Framework Authorization Tool XML External Entity Injection Vulnerability

Trust: 0.3

sources: BID: 97576

DESCRIPTION

SAP Composite Application Framework Authorization Tool is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions.

Trust: 0.3

sources: BID: 97576

AFFECTED PRODUCTS

vendor:

sap

model:

netweaver

scope:

version:

Trust: 0.3

sources: BID: 97576

THREAT TYPE

network

Trust: 0.3

sources: BID: 97576

TYPE

Design Error

Trust: 0.3

sources: BID: 97576

EXTERNAL IDS

db:

BID

id:

97576

Trust: 0.3

sources: BID: 97576

REFERENCES

url:	http://www.sap.com	Trust: 0.3
url:	https://launchpad.support.sap.com/#/notes/2372301	Trust: 0.3
url:	https://blogs.sap.com/2017/04/11/sap-security-patch-day-april-2017/	Trust: 0.3
url:	https://blogs.sap.com/2017/11/14/sap-security-patch-day-november-2017/	Trust: 0.3

sources: BID: 97576

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 97576

SOURCES

db:

BID

id:

97576

LAST UPDATE DATE

2022-05-17T02:07:06.179000+00:00

SOURCES UPDATE DATE

db:

BID

id:

97576

date:

2017-12-19T22:37:00

SOURCES RELEASE DATE

db:

BID

id:

97576

date:

2017-04-11T00:00:00