SAP NetWeaver Knowledge Management XML External Entity Injection Vulnerability

SAP NetWeaver Knowledge Management is prone to an XML External Entity injection vulnerability.

Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions.

Information

Bugtraq ID: 97572
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Apr 11 2017 12:00AM
Updated: Apr 14 2017 12:04AM
Credit: SAP
Vulnerable: SAP NetWeaver 0
SAP Knowledge Management 0

Not Vulnerable:

References:

• SAP Homepage (SAP)
  
• SAP Security Note 2387249 (SAP)
  
• SAP Security Patch Day â?? April 2017 (SAP)
  

Source: www.securityfocus.com