CVE-2019-0340 — MEDIUM (5.4)

Q: How severe is CVE-2019-0340?

CVE-2019-0340 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-0340?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Enable Now.

Vulnerability Description

The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file upload at multiple locations. An attacker can read local XXE files.

CVSS Score

5.4

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Sap	Enable Now	< 1902

Related Weaknesses (CWE)

CWE-611

References

https://launchpad.support.sap.com/#/notes/2794742Permissions RequiredVendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017Vendor Advisory
https://launchpad.support.sap.com/#/notes/2794742Permissions RequiredVendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017Vendor Advisory

FAQ

What is CVE-2019-0340?

CVE-2019-0340 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file upload at mult...

How severe is CVE-2019-0340?

CVE-2019-0340 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-0340?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Enable Now.