Vulnerability Details CVE-2017-8913
The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.0%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- https://erpscan.io/advisories/erpscan-17-007-sap-netweaver-java-7-5-xxe-visual-composer-vc70runtime/
- https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-february-2017/
- https://erpscan.io/advisories/erpscan-17-007-sap-netweaver-java-7-5-xxe-visual-composer-vc70runtime/
- https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-february-2017/
Products affected by CVE-2017-8913
-
cpe:2.3:a:sap:netweaver_application_server_java:7.50