CVE-2019-0340: XEE
First published: Wed Aug 14 2019(Updated: )
The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file upload at multiple locations. An attacker can read local XXE files.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Enable Now | <1902 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-0340?
CVE-2019-0340 is a vulnerability in SAP Enable Now before version 1902, where the XML parser has not been hardened correctly, leading to a Missing XML Validation vulnerability.
What is the severity of CVE-2019-0340?
The severity of CVE-2019-0340 is medium with a CVSS score of 5.4.
How does CVE-2019-0340 affect SAP Enable Now?
CVE-2019-0340 affects SAP Enable Now before version 1902 by allowing attackers to read local XXE files through the file upload feature at multiple locations.
How can I fix CVE-2019-0340?
To fix CVE-2019-0340, you should update SAP Enable Now to version 1902 or later, as this version has the XML parser hardened correctly.
Where can I find more information about CVE-2019-0340?
You can find more information about CVE-2019-0340 in the SAP Support Portal at the following links: [Link 1](https://launchpad.support.sap.com/#/notes/2794742) and [Link 2](https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017).
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap enable now