Vulnerability Details CVE-2019-0277
SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.7%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 5.5
References
- http://www.securityfocus.com/bid/107356
- https://launchpad.support.sap.com/#/notes/2764283
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080
- http://www.securityfocus.com/bid/107356
- https://launchpad.support.sap.com/#/notes/2764283
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080
Products affected by CVE-2019-0277
-
cpe:2.3:a:sap:hana_extended_application_services:1.0