CVE-2015-6662

XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
sapnetweaver
7.40
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/134507/SAP-NetWeaver-7.4-XXE-Injection.html
http://seclists.org/fulldisclosure/2015/Nov/92
http://www.securityfocus.com/archive/1/536957/100/0/threaded
https://erpscan.io/advisories/erpscan-15-018-sap-netweaver-7-4-xxe/
http://packetstormsecurity.com/files/134507/SAP-NetWeaver-7.4-XXE-Injection.html
http://seclists.org/fulldisclosure/2015/Nov/92
http://www.securityfocus.com/archive/1/536957/100/0/threaded
https://erpscan.io/advisories/erpscan-15-018-sap-netweaver-7-4-xxe/