CVE-2015-2811

Currently unrated

Key Information:

Vendor: SAP
Status: Netweaver Enterprise Portal
Vendor: CVE Published:; 1 April 2015

Summary

XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.

References

http://seclists.org/fulldisclosure/2015/Jun/64

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/archive/1/535827/100/800/thr...

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/132358/SAP-NetWeaver...

x_refsource_MISC

Timeline

Vulnerability published
Apr 1, 2015
Vulnerability Reserved
Apr 1, 2015