XML External Entity Vulnerability in SAP Mobile Platform 2.3
CVE-2015-6664

Currently unrated

Key Information:

Vendor: SAP
Status: Mobile Platform
Vendor: CVE Published:; 24 August 2015

Summary

An XML External Entity (XXE) vulnerability exists within the import functionality of SAP Mobile Platform 2.3. This flaw allows remote attackers to craft malicious XML data, potentially enabling them to read arbitrary files on the server. In addition to unauthorized file access, the exploitation of this vulnerability may lead to other unspecified impacts, raising significant security concerns for users of this platform. Organizations utilizing SAP Mobile Platform 2.3 should implement necessary precautions to mitigate risks associated with this vulnerability.

References

https://erpscan.io/advisories/erpscan-15-020-sap-mobile-p...

x_refsource_MISC

http://www.securityfocus.com/archive/1/536954/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://seclists.org/fulldisclosure/2015/Nov/96

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability published
Aug 24, 2015
Vulnerability Reserved
Aug 24, 2015