CVE-2015-2811 — XML External Entity (XXE) Injection in SAP Netweaver Enterprise Portal

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 28.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Netweaver Enterprise Portal

Timeline

PublishedApr 1

Latest updateMay 14

Description

XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDsap/netweaver_enterprise_portal7.31

🔴Vulnerability Details

GHSA

GHSA-vjxx-m4c9-mp2v: XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7↗2022-05-14

▶

CVEList

CVE-2015-2811: XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7↗2015-04-01

▶

📋Vendor Advisories

Apache

Apache tika: CVE-2015-3271↗

▶