Description
Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue.
References (5)
Core 5
Core References
Third Party Advisory x_refsource_misc
https://erpscan.io/advisories/erpscan-14-003-sap-crm-gwsync-xxe/
Various Sources x_refsource_confirm
https://service.sap.com/sap/support/notes/1917054
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/91098
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/56944
Various Sources x_refsource_confirm
http://scn.sap.com/docs/DOC-8218
Scores
EPSS
0.0054
EPSS Percentile
67.8%
Details
CWE
CWE-200
Status
published
Products (1)
sap/customer_relationship_management
7.02 ehp2
Published
Feb 14, 2014
Tracked Since
Feb 18, 2026