漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
XML Entity Expansion Vulnerability in SAP NetWeaver AS JAVA
Vulnerability Description
Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
SAP NetWeaver AS 代码问题漏洞
Vulnerability Description
SAP NetWeaver AS是德国思爱普(SAP)公司的一款SAP网络应用服务器。它不仅能提供网络服务,且还是SAP软件的基本平台。 SAP NetWeaver AS JAVA存在代码问题漏洞,该漏洞源于缺少对XML输入的验证,未经身份验证的攻击者会向端点发送恶意输入,从而导致XML实体扩展攻击。
CVSS Information
N/A
Vulnerability Type
N/A