CVE-2019-0277

MEDIUM

SAP HANA Extended Application Services 1 - Authenticated XML External Entity Injection


Description

SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability).

References (3)

Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2764283
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107356

Scores

CVSS v3 6.5
EPSS 0.0073
EPSS Percentile 72.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

Details

CWE
CWE-611
Status published
Products (1)
sap/hana_extended_application_services 1.0
Published Mar 12, 2019
Tracked Since Feb 18, 2026