CVE-2017-16349

Published: Aug 2, 2018Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vulnerability.

Affected (1)

Products: Sap: Business Planning And Consolidation

1 product

Business Planning And Consolidation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Business Planning And Consolidation	All versions

Related CWEs

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://www.talosintelligence.com/vulnerability_reports/SAP

Source: talos-cna@cisco.com

Broken Link

https://www.talosintelligence.com/vulnerability_reports/SAP

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.