SAP Mobile Platform - XXE

Application: Mobile Platform Vendor URL: http://www.sap.com Bugs: XML External Entity Reported: 06.11.2014 Vendor response: 07.11.2014 Date of Public Advisory: 15.02.2015 Reference: SAP Security Note 2125358 Authors: Dmitry Chastukhin ERPScan VULNERABILITY INFORMATION Class: XML External Entity...

SAP NetWeaver ECATT_DISPLAY_XMLSTRING_REMOTE - XXE

Application: SAP NetWeaver AS ABAP Versions Affected: SAP NetWeaver AS ABAP 7.31, probably others Vendor URL: http://www.sap.com Bugs: XML External Entity Reported: 09.07.2013 Vendor response: 10.07.2013 Date of Public Advisory: 20.01.2015 Reference: SAP Security Note 2016638 Authors: Nikolay...

SAP NetWeaver PI SDK - XXE and XXE Tunneling

Application: SAP PI SDK Versions Affected: SAP PI SDK Vendor URL: http://www.sap.com Bugs: Security Bypass Exploits: YES Reported: 12.03.2012 Vendor response: 13.03.2012 Date of Public Advisory: 22.10.2012 Reference: SAP Security Note 1723641 Authors: Alexander Polyakov, Alexey Tyurin, Alexandr...

Vulnerability in core server (CVE-2012-3489)

xmlparse DTD validation can be used to read arbitrary files...

SAP NetWeaver SPML - XML External Entity

Application: SAP NetWeaver JAVA Versions Affected: 6.40/7.02 maybe others Vendor URL: http://www.sap.com Bugs: XML External Entity Exploits: YES Reported: 08.04.2011 Vendor response: 09.04.2011 Patched by SAP: 11.09.2012 Date of Public Advisory: 15.12.2012 Reference: SAP Security Note 1621534...

SAP Netweaver CCMS - XML External Entity

Application: SAP NetWeaver ABAP Versions Affected: SAP NetWeaver ABAP Vendor URL: http://www.sap.com Bugs: XML External Entity Exploits: YES Reported: 07.12.2011 Vendor response: 08.12.2011 Date of Public Advisory: 13.11.2012 Reference: SAP Security Note 1715040 Authors: Alexey Tyurin ERPScan...