SAP NetWeaver Java Denial Of Service Vulnerabilities
15 Jun. 2016
Summary
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.4 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request.
An attacker can use an Information disclosure vulnerability to reveal additional information (system data, debugging information, etc) which will help him to learn about a system and to plan other attacks.