CVE-2023-26461: XML External Entity (XXE) vulnerability in SAP NetWeaver (SAP Enterprise Portal)
First published: Tue Mar 14 2023(Updated: )
SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitive files and data. It allows the attacker to view sensitive data which is owned by certain privileges.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Enterprise Portal | =7.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SAP NetWeaver vulnerability?
The vulnerability ID for this SAP NetWeaver vulnerability is CVE-2023-26461.
What is the severity rating of CVE-2023-26461?
CVE-2023-26461 has a severity rating of medium (4.9).
What software versions are affected by CVE-2023-26461?
The affected software version for CVE-2023-26461 is SAP NetWeaver Enterprise Portal version 7.50.
What is the Common Weakness Enumeration (CWE) ID for CVE-2023-26461?
The CWE ID for CVE-2023-26461 is CWE-611.
Are there any references or additional resources available for CVE-2023-26461?
Yes, you can find additional resources for CVE-2023-26461 at the following links: [SAP Note](https://launchpad.support.sap.com/#/notes/3284550) and [SAP Document](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html).
- collector/nvd-index
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/sap
- canonical/sap netweaver enterprise portal
- version/sap netweaver enterprise portal/7.50