CVE-2015-1309

6 documents6 sources

Severity

5.0MEDIUM

EPSS

0.4%

top 37.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Netweaver Abap

Timeline

PublishedJan 22

Latest updateMay 14

Description

XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDsap/netweaver_abap7.31

🔴Vulnerability Details

GHSA

GHSA-2945-6wgc-c9rc: XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7↗2022-05-14

▶

CVEList

CVE-2015-1309: XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7↗2015-01-22

▶

💥Exploits & PoCs

Exploit-DB

Apport (Ubuntu 14.04/14.10/15.04) - Race Condition Privilege Escalation↗2015-05-23

▶

📋Vendor Advisories

Red Hat

webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-26

▶

💬Community

Bugzilla

CVE-2014-1309 webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-27

▶