CVE-2018-2401
MEDIUMSAP Business Process Automation By Redwood - XML External Entity Injection
Title source: llmDescription
SAP Business Process Automation (BPA) By Redwood does not sufficiently validate an XML document accepted from an untrusted source resulting in an XML External Entity (XXE) vulnerability.
References (3)
Core 3
Core References
Permissions Required x_refsource_confirm
https://launchpad.support.sap.com/#/notes/2596766
Vendor Advisory x_refsource_confirm
https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103374
Scores
CVSS v3
5.4
EPSS
0.0168
EPSS Percentile
73.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Details
CWE
CWE-611
Status
published
Products (1)
redwood/sap_business_process_automation
9.00
Published
Mar 14, 2018
Tracked Since
Feb 18, 2026