XML External Entity Vulnerability in SAP Mobile Platform by SAP
CVE-2015-2818

Currently unrated

Key Information:

Vendor: SAP
Status: Mobile Platform
Vendor: CVE Published:; 1 April 2015

What is CVE-2015-2818?

The SAP Mobile Platform 3 is susceptible to an XML External Entity (XXE) vulnerability, allowing remote attackers to craft XML requests that can access intranet servers. This issue can potentially lead to unauthorized data exposure. SAP Security Note 2125513 provides further details and mitigation strategies that can be employed to safeguard against this vector of attack.

References

https://erpscan.io/advisories/erpscan-15-011-sap-mobile-p...

x_refsource_MISC

http://www.securityfocus.com/bid/73896

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 1, 2015
Vulnerability Reserved
Apr 1, 2015