SAP Netweaver ABAP CVE-2019-0265 XML External Entity Injection Vulnerability
BID:106972
CVE-2019-265 |Info
SAP Netweaver ABAP CVE-2019-0265 XML External Entity Injection Vulnerability
| Bugtraq ID: | 106972 |
| Class: | Input Validation Error |
| CVE: |
CVE-2019-0265 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 12 2019 12:00AM |
| Updated: | Apr 09 2019 05:00PM |
| Credit: | SAP |
| Vulnerable: |
SAP SLD Registration 0 SAP NetWeaver ABAP KRNL64UC 7.21 SAP NetWeaver ABAP KRNL64NUC 7.21 SAP NetWeaver ABAP KRNL32UC 7.21 SAP NetWeaver ABAP KRNL32NUC 7.21 SAP NetWeaver ABAP 7.75 SAP NetWeaver ABAP 7.73 SAP NetWeaver ABAP 7.53 SAP NetWeaver ABAP 7.49.7.73 SAP NetWeaver ABAP 7.49 SAP NetWeaver ABAP 7.45 SAP NetWeaver ABAP 7.22EXT SAP NetWeaver ABAP 7.22 SAP NetWeaver ABAP 7.21EXT SAP NetWeaver ABAP 7.21 |
| Not Vulnerable: | |
Discussion
SAP Netweaver ABAP CVE-2019-0265 XML External Entity Injection Vulnerability
SAP Netweaver ABAP is prone to an XML External Entity injection vulnerability.
Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions.
SAP Netweaver ABAP versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT; KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT; KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49; KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73; KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, and 7.75 are vulnerable.
SAP Netweaver ABAP is prone to an XML External Entity injection vulnerability.
Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions.
SAP Netweaver ABAP versions KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT; KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT; KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49; KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49. 7.73; KERNEL from 7.21 to 7.22, 7.45, 7.49, 7.53, 7.73, and 7.75 are vulnerable.
Exploit / POC
SAP Netweaver ABAP CVE-2019-0265 XML External Entity Injection Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
SAP Netweaver ABAP CVE-2019-0265 XML External Entity Injection Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
SAP Netweaver ABAP CVE-2019-0265 XML External Entity Injection Vulnerability
References:
References: