CVE-2019-0271: Input Validation
First published: Tue Mar 12 2019(Updated: )
ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Advanced Business Application Programming | ||
| SAP Advanced Business Application Programming Server | >=7.00<=7.31 | |
| SAP Advanced Business Application Programming Server | >=7.40<=7.52 | |
| SAP Kernel | =7.21 | |
| SAP Kernel | =7.22 | |
| SAP Kernel | =7.45 | |
| SAP Kernel | =7.49 | |
| SAP Kernel | =7.53 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap advanced business application programming
- canonical/sap advanced business application programming server
- version/sap advanced business application programming server/7.00
- version/sap advanced business application programming server/7.31
- version/sap advanced business application programming server/7.40
- version/sap advanced business application programming server/7.52
- canonical/sap kernel
- version/sap kernel/7.21
- version/sap kernel/7.22
- version/sap kernel/7.45
- version/sap kernel/7.49
- version/sap kernel/7.53