CVE-2015-2812

Currently unrated

Key Information:

Vendor: SAP
Status: Netweaver Enterprise Portal
Vendor: CVE Published:; 1 April 2015

Summary

XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.

References

http://www.securityfocus.com/archive/1/535826/100/800/thr...

mailing-listx_refsource_BUGTRAQ

http://seclists.org/fulldisclosure/2015/Jun/62

mailing-listx_refsource_FULLDISC

https://erpscan.io/advisories/erpscan-15-004-sap-netweave...

x_refsource_MISC

Timeline

Vulnerability published
Apr 1, 2015
Vulnerability Reserved
Apr 1, 2015