The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-05-23T03:56:00

Updated: 2024-08-05T16:48:22.822Z

Reserved: 2017-05-12T00:00:00

Link: CVE-2017-8913

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2017-05-23T04:29:02.243

Modified: 2021-04-20T19:37:03.733

Link: CVE-2017-8913

cve-icon Redhat

No data.