The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via a crafted XML document in a request to irj/servlet/prt/portal/prtroot/com.sap.visualcomposer.BIKit.default, aka SAP Security Note 2386873.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-05-23T03:56:00
Updated: 2024-08-05T16:48:22.822Z
Reserved: 2017-05-12T00:00:00
Link: CVE-2017-8913
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2017-05-23T04:29:02.243
Modified: 2021-04-20T19:37:03.733
Link: CVE-2017-8913
Redhat
No data.