7.3 High
AI Score
Confidence
High
0.011 Low
EPSS
Percentile
84.7%
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.
scn.sap.com/docs/DOC-8218
secunia.com/advisories/55620
erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe/
service.sap.com/sap/support/notes/1890819