Description
ABAP Development Tools do not sufficiently validate an XML document accepted from an untrusted source.
Some well-known impacts of Missing XML Validation vulnerability are –
- arbitrary files retrieval from the server
- denial-of-service conditions in successful exploits
Available fix and Supported packages
- SAP_BASIS_AIE | 3 | 3
- SAP ABAP IN ECLIPSE 3 | SP008 | 000002
Affected component
- BC-DWB-AIE-DIC
ABAP-Tools in Eclipse for Data Dictionary (without CDS)
CVSS
Score: 5.9
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2892570