CVE-2014-8590
SAP NetWeaver AS Java - XML External Entity Injection via Web Service Navigator
Title source: llmDescription
XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/98581
Various Sources x_refsource_misc
https://service.sap.com/sap/support/notes/2045176
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/71023
Third Party Advisory x_refsource_misc
https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/
Third Party Advisory x_refsource_misc
https://erpscan.io/advisories/erpscan-14-015-sap-netweaver-as-java-xxe/
Various Sources x_refsource_misc
http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/
Scores
EPSS
0.0096
EPSS Percentile
76.7%
Details
Status
published
Products (1)
sap/netweaver_java_application_server
Published
Nov 04, 2014
Tracked Since
Feb 18, 2026