Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures)
Vulnerability Description
SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
SAP NetWeaver AS 代码问题漏洞
Vulnerability Description
SAP NetWeaver AS是德国思爱普(SAP)公司的一款SAP网络应用服务器。它不仅能提供网络服务,且还是SAP软件的基本平台。 SAP NetWeaver AS Java 7.50 版本存在代码问题漏洞,该漏洞源于允许未经身份验证的攻击者通过网络提交带有精心设计的 XML 文件的恶意请求,该请求在解析后将使他能够访问敏感文件和数据。
CVSS Information
N/A
Vulnerability Type
N/A