Details of VAR-201706-1164

ID

VAR-201706-1164

TITLE

SAP Business Planning and Consolidation XML External Entity Injection Vulnerability

Trust: 0.3

sources: BID: 99031

DESCRIPTION

SAP Business Planning and Consolidation is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions.

Trust: 0.3

sources: BID: 99031

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver	scope:	eq	version:	0	Trust: 0.3
vendor:	sap	model:	business planning and consolidation	scope:	eq	version:	0	Trust: 0.3

sources: BID: 99031

THREAT TYPE

network

Trust: 0.3

sources: BID: 99031

TYPE

Unknown

Trust: 0.3

sources: BID: 99031

EXTERNAL IDS

db:

BID

id:

99031

Trust: 0.3

sources: BID: 99031

REFERENCES

url:	http://www.sap.com/	Trust: 0.3
url:	https://launchpad.support.sap.com/#/notes/2457269	Trust: 0.3
url:	https://blogs.sap.com/2017/06/13/sap-security-patch-day-june2017/	Trust: 0.3

sources: BID: 99031

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 99031

SOURCES

db:

BID

id:

99031

LAST UPDATE DATE

2022-05-17T01:50:56.991000+00:00

SOURCES UPDATE DATE

db:

BID

id:

99031

date:

2017-06-13T00:00:00

SOURCES RELEASE DATE

db:

BID

id:

99031

date:

2017-06-13T00:00:00