CVE-2013-6815
SAP NetWeaver < 7.31 - Denial of Service via XML External Entity Injection in SHSTI_UPLOAD_XML
Title source: llmDescription
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.
References (4)
Core 4
Core References
Various Sources x_refsource_confirm
https://service.sap.com/sap/support/notes/1890819
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55620
Third Party Advisory x_refsource_misc
https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe/
Various Sources x_refsource_confirm
http://scn.sap.com/docs/DOC-8218
Scores
EPSS
0.0070
EPSS Percentile
72.3%
Details
CWE
CWE-20
Status
published
Products (9)
sap/netweaver
4.0
sap/netweaver
6.4
sap/netweaver
7.0 (5 CPE variants)
sap/netweaver
7.01
sap/netweaver
7.02
sap/netweaver
7.03
sap/netweaver
7.10
sap/netweaver
7.30
sap/netweaver
< 7.31
Published
Nov 20, 2013
Tracked Since
Feb 18, 2026