Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1962

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-1962
Last Modified 21 Feb 2014 12:06:48
Published 14 Feb 2014 10:55:07
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-1962

Summary

Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue.

Vulnerable Systems

Application

  • Sap Customer Relationship Management 7.02


References

CONFIRM - https://service.sap.com/sap/support/notes/1917054

SECUNIA - 56944

CONFIRM - http://scn.sap.com/docs/DOC-8218

MISC - http://erpscan.com/advisories/erpscan-14-003-sap-crm-gwsync-xxe/

XF - sap-crm-info-disc(91098)


Last Updated: 27 May 2016 11:04:28