Vulnerability Details CVE-2015-1309
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/62469
- https://erpscan.io/advisories/erpscan-15-001-sap-netweaver-ecatt_display_xmlstring_remote-xxe/
- https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015/
- http://secunia.com/advisories/62469
- https://erpscan.io/advisories/erpscan-15-001-sap-netweaver-ecatt_display_xmlstring_remote-xxe/
- https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015/
Products affected by CVE-2015-1309
-
cpe:2.3:a:sap:netweaver_abap:7.0
-
cpe:2.3:a:sap:netweaver_abap:7.02
-
cpe:2.3:a:sap:netweaver_abap:7.03
-
cpe:2.3:a:sap:netweaver_abap:7.10
-
cpe:2.3:a:sap:netweaver_abap:7.11
-
cpe:2.3:a:sap:netweaver_abap:7.21
-
cpe:2.3:a:sap:netweaver_abap:7.21ext
-
cpe:2.3:a:sap:netweaver_abap:7.22
-
cpe:2.3:a:sap:netweaver_abap:7.22ext
-
cpe:2.3:a:sap:netweaver_abap:7.30
-
cpe:2.3:a:sap:netweaver_abap:7.31