This module exploits the SAP NetWeaver BW XML External Entity vulnerability. An XML External Entities (XXE) issue exists within the XMLA service (XML DOCTYPE) function. The XXE vulnerability in SAP BW can lead to arbitrary file reading or an SMBRelay attack.
SAP Note 1597066 / DSECRG-12-033.
This module exploits an authentication bypass vulnerability in SAP Ne…
…tWeaver CTC service
SAP /sap/bw/xml/soap/xmla XMLA service (XML DOCTYPE) SMB relay