Unrated severity · NVD Advisory · Published Apr 10, 2019 · Updated Aug 4, 2024
CVE-2019-0284
Description
SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. An attacker can call SLDREG with an XML file containing a reference to an XML External Entity (XXE). This can cause SLDREG to, for example, loop continuously, read arbitrary files, and even send local files.
Affected products
- SAP SE/SAP HANA · v5 · Range: < 1.0
References
- launchpad.support.sap.com (mitre, x_refsource_CONFIRM)
- wiki.scn.sap.com/wiki/pages/viewpage.action (mitre, x_refsource_CONFIRM)