CVE-2014-1962

Published: Feb 14, 2014Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue.

Affected (1)

Products: Sap: Customer Relationship Management

Sap

1 product

Customer Relationship Management

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Customer Relationship Management	Version 7.02 ehp2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://scn.sap.com/docs/DOC-8218

Source: cve@mitre.org

http://secunia.com/advisories/56944

Source: cve@mitre.org

Vendor Advisory

https://erpscan.io/advisories/erpscan-14-003-sap-crm-gwsync-xxe/

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/91098

Source: cve@mitre.org

https://service.sap.com/sap/support/notes/1917054

Source: cve@mitre.org

http://scn.sap.com/docs/DOC-8218