CVE-2015-2812

2015-04-0114:00:00

mitre

www.cve.org

6.5 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.9%

JSON

XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.

References

packetstormsecurity.com/files/132356/SAP-NetWeaver-Portal-7.31-XXE-Injection.html

seclists.org/fulldisclosure/2015/Jun/62

www.securityfocus.com/archive/1/535826/100/800/threaded

erpscan.io/advisories/erpscan-15-004-sap-netweaver-portal-xmlvalidationcomponent-xxe/