CVE-2019-0340
N/A
N/A
Summary
The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file upload at multiple locations. An attacker can read local XXE files.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Enable Now | < 1902 | affected |
Weaknesses
- Missing XML Validation
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
- https://launchpad.support.sap.com/#/notes/2794742
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017
- https://launchpad.support.sap.com/#/notes/2794742
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.