XML External Entity Vulnerability in SAP NetWeaver Portal
CVE-2015-2811

Currently unrated

Key Information:

Vendor: SAP
Status: Netweaver Enterprise Portal
Vendor: CVE Published:; 1 April 2015

Summary

An XML External Entity (XXE) vulnerability exists within the ReportXmlViewer component of SAP NetWeaver Portal. This flaw may allow remote attackers to craft malicious XML requests that could gain unauthorized access to intranet servers. The exploitation of this vulnerability poses a significant risk by potentially revealing sensitive information from an internal network. SAP Security Note 2111939 addresses this issue, urging users to apply necessary mitigations to safeguard their systems.

References

http://seclists.org/fulldisclosure/2015/Jun/64

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/archive/1/535827/100/800/thr...

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/132358/SAP-NetWeaver...

x_refsource_MISC

Timeline

Vulnerability published
Apr 1, 2015
Vulnerability Reserved
Apr 1, 2015