CVE-2013-6815
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
20/11/2013
Last modified:
11/04/2025
Description
The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:* | 7.31 (including) | |
| cpe:2.3:a:sap:netweaver:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:6.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:7.0:ehp1:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:7.0:ehp2:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:7.0:sp15:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:7.0:sp8:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:7.01:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:7.02:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:7.03:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:7.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://scn.sap.com/docs/DOC-8218
- http://secunia.com/advisories/55620
- https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe/
- https://service.sap.com/sap/support/notes/1890819
- http://scn.sap.com/docs/DOC-8218
- http://secunia.com/advisories/55620
- https://erpscan.io/advisories/erpscan-13-020-sap-netweaver-shsti_upload_xml-xxe/
- https://service.sap.com/sap/support/notes/1890819