NVD

Id
19736  
Name
CVE-2016-4014  
Description
XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.  
Reject
 
CVSS Version
2  
CVSS Score
9  
Severity
High  
CVSS Base Score
9  
CVSS Impact Subscore
8.5  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:C)  
Pub Date
2017-01-19  
Published
2016-04-14  
Modified Date
2016-08-15  
Seq
2016-4014  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
108115 19736 CVE-2016-4014 http://packetstormsecurity.com/files/137919/SAP-NetWeaver-AS-JAVA-7.4-XXE-Injection.html  View
108116 19736 CVE-2016-4014 20160715 [ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability  View
108117 19736 CVE-2016-4014 https://erpscan.com/advisories/erpscan-16-020-sap-netweaver-java-uddi-component-xxe-vulnerability/  View
108118 19736 CVE-2016-4014 https://erpscan.com/press-center/blog/dos-vulnerabilities-on-the-rise-sap-security-notes-april-2016/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
1395 JVNDB-2016-002168 SAP NetWeaver JAVA AS の UDDI コンポーネントにおける XML 外部エンティティの脆弱性 SAP NetWeaver JAVA AS の UDDI コンポーネントには、XML 外部エンティティ (XXE) の脆弱性が存在します。 CVE-2016-4014 90520 CVE-2016-4014 19736 9 8.6 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-002168.html 2016-04-14 2016-04-22 View