CVE-2015-2812

EUVD-2015-2900
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
sapnetweaver_enterprise_portal
7.31
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/132356/SAP-NetWeaver-Portal-7.31-XXE-Injection.html
http://seclists.org/fulldisclosure/2015/Jun/62
http://www.securityfocus.com/archive/1/535826/100/800/threaded
https://erpscan.io/advisories/erpscan-15-004-sap-netweaver-portal-xmlvalidationcomponent-xxe/
http://packetstormsecurity.com/files/132356/SAP-NetWeaver-Portal-7.31-XXE-Injection.html
http://seclists.org/fulldisclosure/2015/Jun/62
http://www.securityfocus.com/archive/1/535826/100/800/threaded
https://erpscan.io/advisories/erpscan-15-004-sap-netweaver-portal-xmlvalidationcomponent-xxe/