CVE-2019-0277

medium

Description

SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability).

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080

https://launchpad.support.sap.com/#/notes/2764283

http://www.securityfocus.com/bid/107356

Details

Source: Mitre, NVD

Published: 2019-03-12

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H