VYPR
Unrated severity · NVD Advisory · Published Apr 10, 2019 · Updated Aug 4, 2024

CVE-2019-0284

Description

SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. The attacker can call SLDREG with an XML file containing a reference to an XML External Entity (XXE). This can cause SLDREG to, for example, continuously loop, read arbitrary files and even send local files.

Affected products

  • SAP/Hana · llm-fuzzy
  • SAP SE/SAP HANA · v5
    Range: < 1.0
