Lucene search

[email protected]CVE-2015-4091

HistoryMay 26, 2015 - 2:59 p.m.

CVE-2015-4091

2015-05-2614:59:00

[email protected]

web.nvd.nist.gov

cve-2015-4091

xxe vulnerability

sap netweaver as java 7.4

remote attackers

tcp requests

sap security note 2090851

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.1%

JSON

XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to “CIM UPLOAD,” aka SAP Security Note 2090851.

Affected configurations

NVD

Node

sapsap_netweaver_application_server_javaMatch7.4

CPENameOperatorVersion
sap:sap_netweaver_application_server_javasap sap netweaver application server javaeq7.4

CPE	Name	Operator	Version
sap:sap_netweaver_application_server_java	sap sap netweaver application server java	eq	7.4

References

packetstormsecurity.com/files/133122/SAP-NetWeaver-AS-Java-XXE-Injection.html

seclists.org/fulldisclosure/2015/May/96

www.securityfocus.com/archive/1/536239/100/0/threaded

www.securityfocus.com/bid/74850

erpscan.io/advisories/erpscan-15-013-sap-netweaver-as-java-cim-upload-xxe

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.1%

JSON

Related for CVE-2015-4091

erpscan1 cvelist1 prion1 nvd1