Description
SOAP Web Services in SAP BO BIP has an XXE vulnerability. This vulnerability allows an attacker to send crafted requests to a web application for extraction of secrets from the file system, server-side request forgery or denial-of-service attacks.
Remediation
Upgrade to the latest version of SAP BO BIP
References
Related Vulnerabilities
Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2017-2670)
Oracle JRE CVE-2012-5087 Vulnerability (CVE-2012-5087)
Oracle Application Server Other Vulnerability (CVE-2006-3710)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1915)