CVE-2016-3974
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remo
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994.
CRITICAL · CVSS 9.1
EPSS 0.12625
Act now
- EPSS ≥ 0.10 - elevated exploitation probability
- EPSS percentile: top 6% of all CVEs by exploitation likelihood
- Public exploit or PoC is available
- CVSS base score ≥ 7.0
Sigma rules0
YARA rules0