5 matches found
CVE-2017-11457
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...
Server-side request forgery (SSRF)
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...
CVE-2017-11457
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249...
CVE-2017-11457
CVE-2017-11457 is an XXE vulnerability in SAP NetWeaver AS JAVA 7.5, affecting the component com.sap.km.cm.ice. A remote authenticated attacker can abuse a crafted XML DTD to read arbitrary files or perform SSRF. The issue is documented against SAP NetWeaver AS JAVA 7.5 via SAP Security Note 238...
SAP NetWeaver AS Java 7.5 XXE in com.sap.km.cm.ice
Application: SAP NetWeaver AS Java
Versions Affected: SAP NetWeaver AS Java 7.5
Vendor URL: SAP
Bugs: XXE
Reported: 17.06.2016
Vendor response: 18.06.2016
Date of Public Advisory: 11.04.2017
Reference: SAP Security Note 2387249
Author: Mathieu Geli ERPScan
VULNERABILITY INFORMATION
Class: XXE...