CVE-2015-2812 — XML External Entity (XXE) Injection in SAP Netweaver Enterprise Portal

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 31.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Netweaver Enterprise Portal

Timeline

PublishedApr 1

Latest updateMay 14

Description

XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDsap/netweaver_enterprise_portal7.31

🔴Vulnerability Details

GHSA

GHSA-jw8c-m6q9-77wx: XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7↗2022-05-14

▶

CVEList

CVE-2015-2812: XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7↗2015-04-01

▶