Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-5919

Summary
Assigner-palo_alto
Assigner Org ID-d6c1279f-00f6-4ef7-9217-f89ffe703ec0
Published At-14 Nov, 2024 | 09:36
Updated At-14 Nov, 2024 | 19:41
Rejected At-
Credits

PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability

A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:palo_alto
Assigner Org ID:d6c1279f-00f6-4ef7-9217-f89ffe703ec0
Published At:14 Nov, 2024 | 09:36
Updated At:14 Nov, 2024 | 19:41
Rejected At:
▼CVE Numbering Authority (CNA)
PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability

A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.

Affected Products
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
Cloud NGFW
Default Status
unaffected
Versions
Unaffected
  • All
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
PAN-OS
CPEs
  • cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h4:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.0.1:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.0.0:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:11.0:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h16:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h15:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h14:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h13:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h12:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h11:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h10:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h9:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h8:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h7:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h6:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h5:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h4:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.4:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h13:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h12:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h11:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h10:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h9:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h8:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h7:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h6:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h5:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h4:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.3:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h5:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h4:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.2:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.1:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2.0:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.2:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h8:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h7:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h6:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h5:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h4:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.9:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h7:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h6:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h5:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h4:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.8:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.7:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h8:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h7:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h6:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h5:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h4:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.6:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h4:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.5:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h6:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h5:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h4:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.4:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h3:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h2:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:h1:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.3:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.2:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.1:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1.0:-:*:*:*:*:*:*
  • cpe:2.3:o:paloaltonetworks:pan-os:10.1:-:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 11.0.0 before 11.0.2 (custom)
    • -> unaffectedfrom11.0.2
  • From 10.2.0 before 10.2.5 (custom)
    • -> unaffectedfrom10.2.5
  • From 10.1.0 before 10.1.10 (custom)
    • -> unaffectedfrom10.1.10
Unaffected
  • 11.2.0
  • 11.1.0
Vendor
Palo Alto Networks, Inc.Palo Alto Networks
Product
Prisma Access
Default Status
unaffected
Versions
Unaffected
  • All
Problem Types
TypeCWE IDDescription
CWECWE-611CWE-611 Improper Restriction of XML External Entity Reference
Type: CWE
CWE ID: CWE-611
Description: CWE-611 Improper Restriction of XML External Entity Reference
Metrics
VersionBase scoreBase severityVector
4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:C/RE:M/U:Amber
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/AU:N/R:A/V:C/RE:M/U:Amber
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-201CAPEC-201 XML Entity Linking
CAPEC ID: CAPEC-201
Description: CAPEC-201 XML Entity Linking
Solutions

This issue is fixed in PAN-OS 10.1.10, PAN-OS 10.2.5, PAN-OS 11.0.2, and all later PAN-OS versions.

Configurations
Workarounds
Exploits

Palo Alto Networks is not aware of any malicious exploitation of this issue.

Credits
finder
Dan Marin of Deloitte
finder
Cristian Mocanu of Deloitte
finder
Alex Hordijk
Timeline
EventDate
Initial publication2024-11-13 17:00:00
Event: Initial publication
Date: 2024-11-13 17:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.paloaltonetworks.com/CVE-2024-5919
vendor-advisory
Hyperlink: https://security.paloaltonetworks.com/CVE-2024-5919
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@paloaltonetworks.com
Published At:14 Nov, 2024 | 10:15
Updated At:24 Jan, 2025 | 16:06

A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:C/RE:M/U:Amber
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:C/RE:M/U:Amber
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>Versions from 10.1.0(inclusive) to 10.1.10(exclusive)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>Versions from 10.2.0(inclusive) to 10.2.5(exclusive)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Palo Alto Networks, Inc.
paloaltonetworks
>>pan-os>>Versions from 11.0.0(inclusive) to 11.0.2(exclusive)
cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-611Secondarypsirt@paloaltonetworks.com
CWE-611Primarynvd@nist.gov
CWE ID: CWE-611
Type: Secondary
Source: psirt@paloaltonetworks.com
CWE ID: CWE-611
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.paloaltonetworks.com/CVE-2024-5919psirt@paloaltonetworks.com
Vendor Advisory
Hyperlink: https://security.paloaltonetworks.com/CVE-2024-5919
Source: psirt@paloaltonetworks.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

56Records found
CVE-2024-51445
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.33%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 09:38
Updated-13 May, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The affected application contains a XML External Entity Injection (XXE) vulnerability in the docx import feature. This could allow an authenticated remote attacker to read arbitrary data from the application server.

Action-Not Available
Vendor-Siemens AG
Product-Polarion V2404Polarion V2310
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-27736
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 50.63%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 13:14
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FusionAuth fusionauth-samlv2 before 0.5.4 allows XXE attacks via a forged AuthnRequest or LogoutRequest because parseFromBytes uses javax.xml.parsers.DocumentBuilderFactory unsafely.

Action-Not Available
Vendor-fusionauthn/a
Product-saml_v2n/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-21701
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-6.5||MEDIUM
EPSS-1.79% / 82.00%
||
7 Day CHG~0.00%
Published-12 Nov, 2021 | 10:35
Updated-03 Aug, 2024 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Performance Plugin 3.20 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

Action-Not Available
Vendor-Jenkins
Product-performanceJenkins Performance Plugin
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2021-20801
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.49% / 64.45%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 08:30
Updated-03 Aug, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. This issue occurs only when using Mozilla Firefox.

Action-Not Available
Vendor-Cybozu, Inc.
Product-remote_service_managerCybozu Remote Service
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2020-7035
Matching Score-4
Assigner-Avaya, Inc.
ShareView Details
Matching Score-4
Assigner-Avaya, Inc.
CVSS Score-8.1||HIGH
EPSS-0.32% / 54.78%
||
7 Day CHG~0.00%
Published-23 Apr, 2021 | 21:00
Updated-16 Sep, 2024 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XXE in Avaya Aura Orchestration Designer

An XML External Entities (XXE)vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer includes all 7.x versions before 7.2.3.

Action-Not Available
Vendor-Avaya LLC
Product-aura_orchestration_designerAura Orchestration Designer
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2017-11457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.59% / 68.13%
||
7 Day CHG~0.00%
Published-25 Jul, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249.

Action-Not Available
Vendor-n/aSAP SE
Product-netweaver_application_server_javan/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
  • Previous
  • 1
  • 2
  • Next
Details not found