CVE-2015-2813

XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
sapmobile_platform
*
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/132357/SAP-Mobile-Platform-2.3-XXE-Injection.html
http://seclists.org/fulldisclosure/2015/Jun/63
http://www.securityfocus.com/archive/1/535828/100/800/threaded
http://www.securityfocus.com/bid/73692
https://erpscan.io/advisories/erpscan-15-005-sap-mobile-platform-xxe/
http://packetstormsecurity.com/files/132357/SAP-Mobile-Platform-2.3-XXE-Injection.html
http://seclists.org/fulldisclosure/2015/Jun/63
http://www.securityfocus.com/archive/1/535828/100/800/threaded
http://www.securityfocus.com/bid/73692
https://erpscan.io/advisories/erpscan-15-005-sap-mobile-platform-xxe/