XML External Entity Vulnerability in SAP NetWeaver AS Java 7.4
CVE-2015-4091

Currently unrated

Key Information:

Vendor: SAP
Status: SAP Netweaver Application Server Java
Vendor: CVE Published:; 26 May 2015

What is CVE-2015-4091?

The XML external entity vulnerability in SAP NetWeaver AS Java 7.4 enables remote attackers to exploit XML requests directed at tc~sld~wd~main/Main. This could lead to unauthorized TCP requests being sent to internal intranet servers, potentially compromising sensitive data. The issue relates to the 'CIM UPLOAD' functionality, which allows attackers to manipulate XML requests, thereby increasing the risk of further exploitation.

References

http://packetstormsecurity.com/files/133122/SAP-NetWeaver...

x_refsource_MISC

https://erpscan.io/advisories/erpscan-15-013-sap-netweave...

x_refsource_MISC

http://www.securityfocus.com/archive/1/536239/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
May 26, 2015
Vulnerability Reserved
May 26, 2015