CVE-2019-0284

MEDIUM Year: 2019
CVSS v3 Score
6.0
Medium
CVSS v2 Score
3.6
Low
Weakness Type
CWE-611
View all →

Vulnerability Description

SLD Registration in SAP HANA (fixed in versions 1.0, 2.0) does not sufficiently validate an XML document accepted from an untrusted source. The attacker can call SLDREG with an XML file containing a reference to an XML External Entity (XXE). This can cause SLDREG to, for example, continuously loop, read arbitrary files and even send local files.

Related Vulnerabilities

CVE-2023-20030

MEDIUM
CVSS:6.0(Medium)

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side reque...

CWE-6112023

CVE-2016-6805

MEDIUM
CVSS:5.9(Medium)

Apache Ignite before 1.9 allows man-in-the-middle attackers to read arbitrary files via XXE in modified update-notifier documents.

CWE-6112016

CVE-2017-6344

MEDIUM
CVSS:5.9(Medium)

XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document.

CWE-6112017

CVE-2018-17247

MEDIUM
CVSS:5.9(Medium)

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. If a policy allowing external network access has been added to Elasticsearch's Java S...

CWE-6112018

CVE-2019-10172

MEDIUM
CVSS:5.9(Medium)

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in differe...

CWE-6112019

CVE-2019-12711

MEDIUM
CVSS:6.1(Medium)

A vulnerability in the web-based interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote atta...

CWE-6112019