3 matches found
CVE-2017-11457
CVE-2017-11457 is an XXE vulnerability in SAP NetWeaver AS JAVA 7.5, affecting the component com.sap.km.cm.ice . A remote authenticated attacker can abuse a crafted XML DTD to read arbitrary files or perform SSRF. The issue is documented against SAP NetWeaver AS JAVA 7.5 via SAP Security Note 238...
CVE-2017-11457
XML external entity XXE vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...
SAP NetWeaver AS Java 7.5 XXE in com.sap.km.cm.ice
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 11.04.2017 Reference: SAP Security Note 2387249 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE...