Description
SAP HANA extended application services, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space.
Some well-known impacts of an XML External Entity (XXE) vulnerability are:
- arbitrary file retrieval from the server
- resource consumption in successful exploits
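A defensive check for the class of flaw described above, added here as an illustration; it is not SAP's fix and not code from the advisory. It rejects untrusted XML that carries a DOCTYPE or entity declaration before the document reaches the real parser. All function names and sample documents are constructed for the example.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class RejectedXML(ValueError):
    """Untrusted XML that is malformed or carries a DTD / entity declaration."""


def _reject(kind):
    def handler(*_args):
        raise RejectedXML(f"{kind} not allowed in untrusted XML")
    return handler


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Scan with expat first; build the tree only if no DTD was seen."""
    scanner = expat.ParserCreate()
    # Entities can only be declared inside a DTD, so refusing the DOCTYPE
    # covers both external entities and nested entity expansion.
    scanner.StartDoctypeDeclHandler = _reject("DOCTYPE declaration")
    scanner.EntityDeclHandler = _reject("entity declaration")
    try:
        scanner.Parse(data, True)
    except expat.ExpatError as exc:
        raise RejectedXML(f"malformed XML: {exc}") from exc
    return ET.fromstring(data)


def rejection_reason(data: bytes):
    """Return None if the document is accepted, else the reason as a string."""
    try:
        parse_untrusted_xml(data)
    except RejectedXML as exc:
        return str(exc)
    return None


# Constructed sample documents (hypothetical element names and path).
BENIGN = b"<deploy><app name='demo'/></deploy>"
EXTERNAL_ENTITY = (b'<?xml version="1.0"?><!DOCTYPE d '
                   b'[<!ENTITY x SYSTEM "file:///placeholder">]><d>&x;</d>')
NESTED_ENTITIES = (b'<!DOCTYPE d [<!ENTITY a "aaaa">'
                   b'<!ENTITY b "&a;&a;">]><d>&b;</d>')

if __name__ == "__main__":
    for name in ("BENIGN", "EXTERNAL_ENTITY", "NESTED_ENTITIES"):
        print(name, "->", rejection_reason(globals()[name]) or "accepted")
```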
Available fix and Supported packages
- SAP_EXTENDED_APP_SERVICES | 1 | 1
- SAP EXTENDED APP SERVICES 1 | SP000 | 000102
Affected component
- BC-XS-RT
OP Runtime / XS Controller
CVSS
Score: 8.7
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2764283