CVE-2023-41369

MEDIUM Year: 2023
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-611
View all →

Vulnerability Description

The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser.

Related Vulnerabilities

CVE-2015-3160

MEDIUM
CVSS:4.3(Medium)

XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing en...

CWE-6112015

CVE-2016-0268

MEDIUM
CVSS:4.3(Medium)

XML external entity (XXE) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check ...

CWE-6112016

CVE-2017-10889

MEDIUM
CVSS:4.3(Medium)

TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.

CWE-6112017

CVE-2017-3839

MEDIUM
CVSS:4.3(Medium)

An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the ...

CWE-6112017

CVE-2018-6225

MEDIUM
CVSS:4.3(Medium)

An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script.

CWE-6112018

CVE-2020-26247

MEDIUM
CVSS:4.3(Medium)

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokog...

CWE-6112020