Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-7241XML External Entity (XXE) Injection in SAP Netweaver

CWE-611XML External Entity (XXE) Injection4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
27.4%
top 3.58%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SAP Netweaver
Timeline
PublishedSep 6
Latest updateMay 14

Description

XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDsap/netweaver7.0

🔴Vulnerability Details

2
GHSA
GHSA-93x2-2w8g-55m7: XML External Entity (XXE) vulnerability in SAP Netweaver before 72022-05-14
CVEList
CVE-2015-7241: XML External Entity (XXE) vulnerability in SAP Netweaver before 72017-09-06

💥Exploits & PoCs

1
Exploit-DB
SAP NetWeaver < 7.01 - XML External Entity Injection2015-09-22
CVE-2015-7241 — XML External Entity (XXE) Injection | cvebase