Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SAP Netweaver ABAP 代码问题漏洞
Vulnerability Description
SAP Netweaver是德国思爱普(SAP)公司的一套面向服务的集成化应用平台。该平台主要为SAP应用程序提供开发和运行环境。ABAP是一款运行于NetWeaver中且基于ABAP高级编程语言的应用服务器。 SAP NetWeaver ABAP中的Kernel存在XML外部实体注入漏洞,该漏洞源于程序没有对来自不可信源的xml文件进行充分验证。远程攻击者可利用该漏洞读取任意文件,执行任意命令。以下产品和版本受到影响:SAP NetWeaver ABAP 7.52版本,7.50版本,7.49版本,7.4
CVSS Information
N/A
Vulnerability Type
N/A