255 matches found
CVE-2020-6177
SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server...
Missing XML Validation in PAN-OS Web Interface
Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than...
CVE-2019-0396
SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly...
Hardcoded credentials
SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, corrected in versions 4.1 and 4.2, does not sufficiently validate an XML document accepted from an untrusted source. An attacker can craft a message that contains malicious elements that will not be correctly...
CVE-2019-14451
RepetierServer.exe in Repetier-Server 0.8 through 0.91 does not properly validate the XML data structure provided when uploading a new printer configuration. When this is combined with CVE-2019-14450, an attacker can upload an "external command" configuration as a printer configuration, and achie...
CVE-2019-0340
The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file upload at multiple locations. An attacker can read local XXE files...
Input validation
The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file upload at multiple locations. An attacker can read local XXE files...
CVE-2019-0340
CVE-2019-0340 affects SAP Enable Now; before version 1902 its XML parser is not hardened, enabling Missing XML Validation and local XXE disclosure via file upload at multiple locations. The NVD entry lists CVSSv3 base 5.4 (Medium) with network attack, low privileges, no user interaction. Connecte...
CVE-2019-0268
SAP BusinessObjects Business Intelligence Platform CMC Module, versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source...
Design/Logic Flaw
SAP BusinessObjects Business Intelligence Platform CMC Module, versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source...
CVE-2019-0271
ABAP Server used in NetWeaver and Suite/ERP and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that i...
XXE
SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability)...
CVE-2019-0277
SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability)...
CVE-2018-2492
CVE-2018-2492 affects SAP NetWeaver AS Java where the SAML 2.0 functionality does not sufficiently validate XML documents from an untrusted source. The issue is resolved by updating to versions 7.2, 7.30, 7.31, 7.40 or 7.50. The description notes the vulnerability and its remediation, but the pro...
CVE-2018-2492
SAML 2.0 functionality in SAP NetWeaver AS Java does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50...