XML External Entity Vulnerability in SAP NetWeaver Portal by SAP
CVE-2015-2812

Currently unrated

Key Information:

Vendor: SAP
Status: Netweaver Enterprise Portal
Vendor: CVE Published:; 1 April 2015

Summary

An XML External Entity vulnerability exists in the XMLValidationComponent of SAP NetWeaver Portal version 7.31, allowing remote attackers to exploit crafted XML requests. This could enable unauthorized access to intranet servers, raising serious concerns for enterprise security and data integrity. It's essential for businesses using this software to review their security measures and apply necessary updates as per the SAP Security Note 2093966 to mitigate risks associated with this vulnerability.

References

http://www.securityfocus.com/archive/1/535826/100/800/thr...

mailing-listx_refsource_BUGTRAQ

http://seclists.org/fulldisclosure/2015/Jun/62

mailing-listx_refsource_FULLDISC

https://erpscan.io/advisories/erpscan-15-004-sap-netweave...

x_refsource_MISC

Timeline

Vulnerability published
Apr 1, 2015
Vulnerability Reserved
Apr 1, 2015