CVE-2019-17554 Apache Olingo OData 4.0 XML External Entity Injection – 4th Dec 2019

Preface: When you are sitting on the same boat. The risks at the time of the event are equal.

Background: Open Data Protocol (OData) is an open protocol which allows the creation and consumption of queryable and interoperable RESTful APIs in a standard way. Apache Olingo is a Java library that implements the Open Data Protocol (OData). In SAP HANA DB environment, quite a lot of business application system will work with Apache Olingo.

Vulnerability details: The XML content type entity deserializer is not configured to deny the resolution of external entities. Request with content type “application/xml”, which trigger the deserialization of entities, can be used to trigger XXE attacks.

For security advice provided by Symantec, please refer to the link-

2 thoughts on “CVE-2019-17554 Apache Olingo OData 4.0 XML External Entity Injection – 4th Dec 2019”

  1. Hello, Neat post. There’s a problem with your site in web explorer,
    might check this? IE nonetheless is the marketplace chief and
    a huge component of folks will miss your great writing because of this problem.

  2. It’s really a nice and helpful piece of info.
    I am happy that you shared this helpful information with us.
    Please keep us informed like this. Thank you for sharing.

Comments are closed.