6 matches found
SAP NetWeaver XML External Entity (XXE) Vulnerability
SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity XXE attacks...
VulnCheck KEV: CVE-2016-9563
SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity XXE attacks...
CVE-2016-9563
This CVE concerns XML External Entity (XXE) injection in SAP NetWeaver AS Java 7.5, specifically the BC-BMT-BPM-DSK component exposed via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI. Root cause is an XXE flaw that could allow an authenticated remote attacker to read arbitrary fil...
SAP NetWeaver AS JAVA - 'BC-BMT-BPM-DSK' XML external entity injection vulnerability
1 It is possible, that an attacker can perform a DoS attack for example, an XML Entity expansion attack 2 An SMB Relay attack is a type of man-in-the-middle attack where an attacker asks a victim to authenticate to a machine controlled by the attacker, then relays the credentials to the target. T...
SAP NetWeaver AS JAVA 7.4 XXE Injection
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: http://SAP.com Bug: XXE Sent: 09.03.2016 Reported: 10.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2296909 Author: Vahagn Vardanyan ERPScan Descripti...
SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component (CVE-2016-9563)
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.5 Vendor URL: SAP Bugs: XXE Reported: 09.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2296909 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XXE...