CVE-2019-0284
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. The attacker can call SLDREG with an XML file containing a reference to an XML External Entity (XXE). This can cause SLDREG to, for example, continuously loop, read arbitrary files and even send local files.
SSVC
- Decision:-
Timeline
- 2018-11-26 CVE Reserved
- 2019-04-10 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
References (1)
URL | Date | SRC |
---|---|---|
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114 | 2019-04-11 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sap | Hana | 1.0 | - | Affected |
Sap | Hana | 2.0 | - | Affected |