logo
DATABASE RESOURCES PRICING ABOUT US

SAP NetWeaver AS Java XXE Vulnerability (2296909)

Description

An XML external entity (XXE) vulnerability exists in BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5. An authenticated, remote attacker can exploit this, to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Related