Unrated severity · NVD Advisory · Published Jan 12, 2021 · Updated Aug 3, 2024
CVE-2021-21470
Description
SAP EPM Add-in for Microsoft Office, version 1010, and SAP EPM Add-in for SAP Analysis Office, version 2.8, allow an authenticated attacker with user privileges to parse malicious XML files, which could result in XXE-based attacks in applications that accept attacker-controlled XML configuration files. This occurs because the logging service does not disable XML external entities when parsing configuration files. A successful exploit would result in limited impact on the integrity and availability of the application.
Affected products
- Range: =1010
- Range: =2.8
- SAP SE/SAP EPM Add-in for Microsoft Office · v5 · Range: < 1010
- SAP SE/SAP EPM Add-in for SAP Analysis Office · v5 · Range: < 2.8
References
- launchpad.support.sap.com · mitre · x_refsource_MISC
- wiki.scn.sap.com/wiki/pages/viewpage.action · mitre · x_refsource_MISC