255 matches found

Cvelist
added 2020/02/12 7:45 p.m., 18 views

CVE-2020-6177

SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server...

CVSS 4.3, AI score 4.6, EPSS 0.00847
Exploits 0, References 2

Palo Alto Networks
added 2020/02/12 5:0 p.m., 23 views

Missing XML Validation in PAN-OS Web Interface

Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than...

CVSS 8.8, AI score 3.5, EPSS 0.00998
Exploits 0, References 1

OSV
added 2019/11/13 11:15 p.m., 4 views

CVE-2019-0396

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly...

CVSS 7.1, AI score 5.8, EPSS 0.00897
Exploits 0, References 2

Prion
added 2019/11/13 11:15 p.m., 22 views

Hardcoded credentials

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly...

CVSS 5.5, AI score 6.8, EPSS 0.00897
Exploits 0, References 2, Affected Software 1

OSV
added 2019/10/25 5:15 p.m., 4 views

CVE-2019-14451

RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achie...

CVSS 9.8, AI score 7.6, EPSS 0.04451
Exploits 0, References 2

NVD
added 2019/10/25 5:15 p.m., 29 views

CVE-2019-14451

RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achie...

CVSS 10, AI score 10, EPSS 0.04451
Exploits 0, References 2

Cvelist
added 2019/10/25 4:27 p.m., 30 views

CVE-2019-14451

RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achie...

AI score 10, EPSS 0.04451
Exploits 0, References 2

NVD
added 2019/08/14 2:15 p.m., 18 views

CVE-2019-0340

The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file upload at multiple locations. An attacker can read local XXE files...

CVSS 5.5, AI score 5.4, EPSS 0.00689
Exploits 0, References 2

Prion
added 2019/08/14 2:15 p.m., 17 views

Input validation

The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file upload at multiple locations. An attacker can read local XXE files...

CVSS 5.5, AI score 5.4, EPSS 0.00689
Exploits 0, References 2, Affected Software 1

CVE
added 2019/08/14 1:51 p.m., 59 views

CVE-2019-0340

CVE-2019-0340 affects SAP Enable Now; before version 1902 its XML parser is not hardened, enabling Missing XML Validation and local XXE disclosure via file upload at multiple locations. The NVD entry lists CVSSv3 base 5.4 (Medium) with network attack, low privileges, no user interaction. Connecte...

CVSS 5.5, AI score 5.4, EPSS 0.00689
Exploits 0, References 2, Affected Software 1

Cvelist
added 2019/08/14 1:51 p.m., 22 views

CVE-2019-0340

The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file upload at multiple locations. An attacker can read local XXE files...

AI score 5.4, EPSS 0.00689
Exploits 0, References 2

OSV
added 2019/03/12 10:29 p.m., 3 views

CVE-2019-0268

SAP BusinessObjects Business Intelligence Platform CMC Module, versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source...

CVSS 8.1, AI score 5.8, EPSS 0.02242
Exploits 0, References 3

Prion
added 2019/03/12 10:29 p.m., 18 views

Design/Logic Flaw

SAP BusinessObjects Business Intelligence Platform CMC Module, versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source...

CVSS 5.5, AI score 8.1, EPSS 0.02242
Exploits 0, References 3, Affected Software 1

NVD
added 2019/03/12 10:29 p.m., 21 views

CVE-2019-0271

ABAP Server used in NetWeaver and Suite/ERP and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity XEE vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that i...

CVSS 6.5, AI score 6.5, EPSS 0.01462
Exploits 0, References 5

Prion
added 2019/03/12 10:29 p.m., 23 views

Xxe

SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space XML External Entity vulnerability...

CVSS 5.5, AI score 6.4, EPSS 0.02167
Exploits 0, References 3, Affected Software 1

NVD
added 2019/03/12 10:29 p.m., 24 views

CVE-2019-0268

SAP BusinessObjects Business Intelligence Platform CMC Module, versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source...

CVSS 8.1, AI score 8.2, EPSS 0.02242
Exploits 0, References 3

Cvelist
added 2019/03/12 10:0 p.m., 23 views

CVE-2019-0277

SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space XML External Entity vulnerability...

AI score 6.5, EPSS 0.02167
Exploits 0, References 3

Cvelist
added 2019/03/12 10:0 p.m., 27 views

CVE-2019-0268

SAP BusinessObjects Business Intelligence Platform CMC Module, versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source...

AI score 8.2, EPSS 0.02242
Exploits 0, References 3

CVE
added 2018/12/11 11:0 p.m., 54 views

CVE-2018-2492

CVE-2018-2492 affects SAP NetWeaver AS Java where the SAML 2.0 functionality does not sufficiently validate XML documents from an untrusted source. The issue is resolved by updating to versions 7.2, 7.30, 7.31, 7.40 or 7.50. The description notes the vulnerability and its remediation, but the pro...

CVSS 7.1, AI score 6.8, EPSS 0.01138
Exploits 0, References 3, Affected Software 1

NVD
added 2018/12/11 10:29 p.m., 17 views

CVE-2018-2492

SAML 2.0 functionality in SAP NetWeaver AS Java, does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50...

CVSS 7.1, AI score 6.9, EPSS 0.01138
Exploits 0, References 3