Lucene search
K

6 matches found

CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.46 views

SAP NetWeaver XML External Entity (XXE) Vulnerability

SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity XXE attacks...

6.5CVSS6.2AI score0.23805EPSS
In wildExploits0
VulnCheck KEV
VulnCheck KEV
added 2021/04/08 12:0 a.m.1 views

VulnCheck KEV: CVE-2016-9563

SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity XXE attacks...

6.5CVSS6.9AI score0.23805EPSS
Exploits0References1
CVE
CVE
added 2016/11/23 2:0 a.m.1036 views

CVE-2016-9563

This CVE concerns XML External Entity (XXE) injection in SAP NetWeaver AS Java 7.5, specifically the BC-BMT-BPM-DSK component exposed via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI. Root cause is an XXE flaw that could allow an authenticated remote attacker to read arbitrary fil...

6.5CVSS6.4AI score0.23805EPSS
In wildExploits0References4Affected Software1
seebug.org
seebug.org
added 2016/11/23 12:0 a.m.31 views

SAP NetWeaver AS JAVA - 'BC-BMT-BPM-DSK' XML external entity injection vulnerability

1 It is possible, that an attacker can perform a DoS attack for example, an XML Entity expansion attack 2 An SMB Relay attack is a type of man-in-the-middle attack where an attacker asks a victim to authenticate to a machine controlled by the attacker, then relays the credentials to the target. T...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2016/11/21 12:0 a.m.70 views

SAP NetWeaver AS JAVA 7.4 XXE Injection

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: http://SAP.com Bug: XXE Sent: 09.03.2016 Reported: 10.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2296909 Author: Vahagn Vardanyan ERPScan Descripti...

0.4AI score
Exploits0
erpscan
erpscan
added 2016/09/03 12:0 a.m.57 views

SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component (CVE-2016-9563)

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.5 Vendor URL: SAP Bugs: XXE Reported: 09.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2296909 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XXE...

4CVSS0.1AI score0.23805EPSS
Exploits0
Rows per page
Query Builder