Description
You use SAP Environmental Compliance 3.0. A malicious user can modify an XML-based request to include XML content that is then parsed locally.
This could allow the malicious user to cause a denial of service (DoS) on the parsing system, to disclose local data that is then returned in the response to the malicious request, or to access further network resources that are reachable from the parsing system.
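A generic illustration of the mitigation for this class of flaw, added here and not taken from the SAP note or from SAP's fix (the page does not describe the patch): a Python parser wrapper that refuses DOCTYPE and entity declarations in a request body before anything is expanded or fetched. The names `parse_untrusted`, `XMLRejected`, `verdict`, `MAX_BYTES` and both sample requests are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

MAX_BYTES = 1_000_000  # assumed request size limit; tune per interface

class XMLRejected(ValueError):
    """Raised when a request body violates the parsing policy."""

def parse_untrusted(data: bytes, allow_dtd: bool = False) -> ET.Element:
    """Parse request XML without processing DTDs or entity declarations."""
    if len(data) > MAX_BYTES:
        raise XMLRejected("body too large")
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if not allow_dtd:
            raise XMLRejected("DOCTYPE not allowed")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities (expansion DoS) and external ones (file or network read).
        raise XMLRejected("entity declaration not allowed")

    def on_external_ref(context, base, system_id, public_id):
        raise XMLRejected("external entity reference not allowed")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise XMLRejected(f"malformed XML: {exc}") from exc
    return builder.close()

def verdict(data: bytes, **kw) -> str:
    # Returns "accepted" or the rejection reason, e.g. for request logging.
    try:
        parse_untrusted(data, **kw)
        return "accepted"
    except XMLRejected as exc:
        return str(exc)

# Constructed samples, not taken from the advisory.
BENIGN = b'<request><facility id="42">Plant A</facility></request>'
WITH_ENTITY = (b'<!DOCTYPE request [<!ENTITY ext SYSTEM '
               b'"file:///constructed/placeholder">]><request>&ext;</request>')
```

Logging the rejection reason returned by `verdict` gives operations a signal that a request carried a DTD, which legitimate clients of a fixed-schema interface normally never send.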
Available fix and Supported packages
- TDAG_ECS_SERVICES | 300 | 300
- TDAG_ECS_MODULES | 300 | 300
- TDAG_XEM_MODULES | 300 | 300
- ENV.COMPL. APPL. MODULES 3.0 | SP017 | 000105
- ENV.COMPL. APPL. MODULES 3.0 | SP018 | 000062
- ENV.COMPL. APPL. MODULES 3.0 | SP019 | 000012
- ENV.COMPL. APPL. MODULES 3.0 | SP020 | 000000
- ENV.COMPL. CENTR. MODULES 3.0 | SP017 | 000067
- ENV.COMPL. CENTR. MODULES 3.0 | SP018 | 000038
- ENV.COMPL. CENTR. MODULES 3.0 | SP019 | 000005
- ENV.COMPL. CENTR. MODULES 3.0 | SP020 | 000000
- ENV.COMPL. CENTR. SERVICES 3.0 | SP017 | 000060
- ENV.COMPL. CENTR. SERVICES 3.0 | SP018 | 000034
- ENV.COMPL. CENTR. SERVICES 3.0 | SP019 | 000005
- ENV.COMPL. CENTR. SERVICES 3.0 | SP020 | 000000
Affected component
- XAP-EM: Emissions Management (SAP xEM)
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2085214