SAP NetWeaver AS JAVA BC-BMT-BPM-DSK XXE安全漏洞(CVE-2016-
SAP NetWeaver AS JAVA BC-BMT-BPM-DSK XXE安全漏洞(CVE-2016-9563)
发布日期:2016-11-23
更新日期:2016-11-24
受影响系统:
描述:
CVE(CAN) ID: CVE-2016-9563
SAP NetWeaver是SAP的集成技术平台和自从SAP Business Suite以来的所有SAP应用的技术基础。
SAP NetWeaver AS JAVA 7.5版本在BC-BMT-BPM-DSK实现上存在安全漏洞。通过sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI,远程用户利用此漏洞可执行XML外部实体攻击(XXE)。
<*来源:Vahagn Vardanyan (ERPScan)
*>
建议:
厂商补丁:
SAP
---
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
https://erpscan.com/advisories/erpscan-16-034-sap-netweaver-java-xxe-vulnerability-bc-bmt-bpm-dsk-component/
相关推荐
gaobudong 2020-11-04
锋锋 2020-10-26
GigibondBaby 2020-09-21
zhyue 2020-09-19
guicaizhou 2020-09-15
智能的世界 2020-09-15
wuzhiwuweisun 2020-09-11
kururunga 2020-07-16
锋锋 2020-07-14
xlb 2020-07-12
wildelf 2020-07-12
Bellboy 2020-06-28
XiaoMuFireAnt 2020-06-18
bbccaaa 2020-05-13
scmrpu 2020-05-11
taishanduba 2020-04-29
fengzhizi0 2020-04-18
liuyaping 2020-04-17
fengzhizi0 2020-04-17