[ERPSCAN-14-015] SAP NetWeaver AS Java – XXE

Application: SAP NetWeaver AS Java
Versions Affected: SAP NetWeaver AS Java
Vendor URL: http://www.sap.com
Bugs: XXE
Reported: 16.06.2014
Vendor response: 17.06.2014
Date of Public Advisory: 17.10.2014
Reference: SAP Security Note 2045176
Authors: Vahagn Vardanyan (ERPScan)

SAP XML parser validates all incoming XML requests with user specified DTD.

Business Risk
It is possible for attackers to send any packets to any port of any system including localhost. It means that it is possible, for example, to send any administrative command to Gateway or Message Server because the source of the packet will be localhost, and there are no restrictions for localhost. Another example is an attack on other interfaces.


To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: