Rewterz Threat Advisory – CVE-2019-0271 SAP Netweaver ABAP Server XML External Entity Injection Vulnerability

March 13, 2019

Severity

Medium

Analysis Summary

A vulnerability was found in SAP NetWeaver and ABAP Platform (Solution Stack Software). The issue affects some processing in the ABAP Server component. Manipulation of input as part of an XML document leads to a privilege escalation vulnerability (XXE).

Impact

  • Exposure of sensitive information.
  • Denial of service.
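
The two impacts above correspond to the two kinds of entity declaration an XML document can carry: external entities (information exposure) and nested internal entities (expansion, denial of service). The following added example, which is not part of the Rewterz advisory or of any SAP code, shows a generic pre-parse audit that flags both without expanding anything; the function name, finding labels and sample documents are constructed for illustration.

```python
import xml.parsers.expat as expat

class _StopParsing(Exception):
    """Raised from a handler to abort before any element content is parsed."""

def audit_xml_prolog(data: bytes) -> list:
    """Return (kind, name, system_id) findings for DTD/entity declarations."""
    findings = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(("doctype", name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # External entities carry a SYSTEM/PUBLIC id: the information-exposure case.
        # Internal entities carry a literal value: the expansion (DoS) case.
        kind = "external-entity" if (system_id or public_id) else "internal-entity"
        findings.append((kind, name, system_id))

    def stop(*_args):
        # All declarations precede the root element, so nothing is expanded.
        raise _StopParsing()

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.EndDoctypeDeclHandler = stop
    parser.StartElementHandler = stop
    try:
        parser.Parse(data, True)
    except _StopParsing:
        pass
    except expat.ExpatError as exc:
        findings.append(("malformed", str(exc), None))
    return findings

# Constructed sample documents (not taken from the advisory).
BENIGN = b"<order><id>1</id></order>"
EXTERNAL = (b'<?xml version="1.0"?><!DOCTYPE r ['
            b'<!ENTITY x SYSTEM "http://example.invalid/placeholder">]><r>&x;</r>')
NESTED = (b'<!DOCTYPE r [<!ENTITY a "aaaa">'
          b'<!ENTITY b "&a;&a;&a;">]><r>&b;</r>')

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("external", EXTERNAL), ("nested", NESTED)):
        hits = audit_xml_prolog(doc)
        print(label, "REJECT" if hits else "ACCEPT", hits)
```

A document with an empty findings list declares no DTD or entities; any finding is grounds to reject or quarantine the message before it reaches an XML parser.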

Affected Products

SAP NetWeaver ABAP 7.50
SAP NetWeaver ABAP 7.49
SAP NetWeaver ABAP 7.45
SAP NetWeaver ABAP 7.40
SAP NetWeaver ABAP 7.31
SAP NetWeaver ABAP 7.30
SAP NetWeaver ABAP 7.22EXT
SAP NetWeaver ABAP 7.22
SAP NetWeaver ABAP 7.21EXT
SAP NetWeaver ABAP 7.21
SAP NetWeaver ABAP 7.11
SAP NetWeaver ABAP 7.10
SAP NetWeaver ABAP 7.03 Sp4
SAP NetWeaver ABAP 7.02 Sp6
SAP NetWeaver ABAP 7.02
SAP NetWeaver ABAP 7.00
SAP Kernel 7.53
SAP Kernel 7.49
SAP Kernel 7.45
SAP Kernel 7.22
SAP Kernel 7.21

Remediation

The vendor has not released any patches or updates yet.

COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.