Rewterz Threat Advisory – CVE-2019-0277 SAP HANA Extended Application Services

March 13, 2019

Severity

High

Analysis Summary

SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability).

Impact

Exposure of sensitive information.
Denial of service.

Affected Products

SAP HANA Extended Application Services 1.0

Remediation

Updates are available.

Check vendor’s security note:

https://accounts.sap.com/saml2/idp/sso/accounts.sap.com

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Hackers Actively Exploit Critical Vulnerabilities in Exchange and SharePoint Servers

Mirai Botnet aka Katana – Active IOCs

GitHub Tools Deployed in CrazyHunter Ransomware Campaigns – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Two Malspam Campaigns Detected

Rewterz Threat Advisory – CVE-2019-7094 – Adobe Photoshop Arbitrary Code Execution Vulnerability

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.