Vulnerability Details CVE-2015-2812
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/132356/SAP-NetWeaver-Portal-7.31-XXE-Injection.html
- http://seclists.org/fulldisclosure/2015/Jun/62
- http://www.securityfocus.com/archive/1/535826/100/800/threaded
- https://erpscan.io/advisories/erpscan-15-004-sap-netweaver-portal-xmlvalidationcomponent-xxe/
- http://packetstormsecurity.com/files/132356/SAP-NetWeaver-Portal-7.31-XXE-Injection.html
- http://seclists.org/fulldisclosure/2015/Jun/62
- http://www.securityfocus.com/archive/1/535826/100/800/threaded
- https://erpscan.io/advisories/erpscan-15-004-sap-netweaver-portal-xmlvalidationcomponent-xxe/
Products affected by CVE-2015-2812
-
cpe:2.3:a:sap:netweaver_enterprise_portal:7.31