Details of VAR-201206-0647

ID

VAR-201206-0647

TITLE

SAP NetWeaver Business Warehouse XML External Entity Information Disclosure Vulnerability

Trust: 0.3

sources: BID: 55806

DESCRIPTION

SAP NetWeaver Business Warehouse is prone to an information-disclosure vulnerability. This issue is vulnerable to XML External Entity attacks. An attackers can exploit this issue to gain access to sensitive information; this may lead to further attacks. Versions SAP NetWeaver Business Warehouse 6.40 and 7.02 are vulnerable; other versions may also be affected.

Trust: 0.3

sources: BID: 55806

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver business warehouse	scope:	eq	version:	7.02	Trust: 0.3
vendor:	sap	model:	netweaver business warehouse	scope:	eq	version:	6.40	Trust: 0.3

sources: BID: 55806

THREAT TYPE

network

Trust: 0.3

sources: BID: 55806

TYPE

Unknown

Trust: 0.3

sources: BID: 55806

EXTERNAL IDS

db:

BID

id:

55806

Trust: 0.3

sources: BID: 55806

REFERENCES

url:	http://www.sap.com/solutions/technology/data-warehousing/sapnetweaver-business-warehouse/index.epx	Trust: 0.3
url:	http://erpscan.com/advisories/dsecrg-12-033-sap-basis-6-407-02-xml-external-entity/	Trust: 0.3
url:	https://service.sap.com/sap/support/notes/1597066	Trust: 0.3

sources: BID: 55806

CREDITS

Alexey Tyurin (ERPScan)

Trust: 0.3

sources: BID: 55806

SOURCES

db:

BID

id:

55806

LAST UPDATE DATE

2022-05-17T02:00:09.508000+00:00

SOURCES UPDATE DATE

db:

BID

id:

55806

date:

2012-06-30T00:00:00

SOURCES RELEASE DATE

db:

BID

id:

55806

date:

2012-06-30T00:00:00