CVE-2013-6815

The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
sapnetweaver
𝑥
≤ 7.31
sapnetweaver
4.0
sapnetweaver
6.4
sapnetweaver
7.0
sapnetweaver
7.0:ehp1
sapnetweaver
7.0:ehp2
sapnetweaver
7.0:sp15
sapnetweaver
7.0:sp8
sapnetweaver
7.01
sapnetweaver
7.02
sapnetweaver
7.03
sapnetweaver
7.10
sapnetweaver
7.30
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://scn.sap.com/docs/DOC-8218
http://secunia.com/advisories/55620
https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe/
https://service.sap.com/sap/support/notes/1890819
http://scn.sap.com/docs/DOC-8218
http://secunia.com/advisories/55620
https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe/
https://service.sap.com/sap/support/notes/1890819