← Retour aux CVEs
CVE-2017-16349
HIGH8.1
Description
An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vulnerability.
Details CVE
Score CVSS v3.18.1
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie8/2/2018
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
sap:business_planning_and_consolidation
Faiblesses (CWE)
CWE-611
References
https://www.talosintelligence.com/vulnerability_reports/SAP(talos-cna@cisco.com)
https://www.talosintelligence.com/vulnerability_reports/SAP(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.