PT-2015-1374 · Sap · Sap Netweaver As Java

Published 2015-05-26 · Updated 2018-12-10 · CVE-2015-4091

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java version 7.4

Description: The issue is an XML external entity (XXE) vulnerability that allows remote attackers to make the server send TCP requests to intranet hosts, or to cause unspecified other impact, via an XML request. It is triggered by sending a specially crafted XML request to the tcsldwd~main/Main endpoint. The vulnerability is also related to "CIM UPLOAD" and can be exploited with specially formed TCP and XML requests, potentially allowing a remote attacker to compromise information security.

Recommendations: For SAP NetWeaver AS Java version 7.4, apply the fix described in SAP Security Note 2090851. As a temporary workaround, restrict access to the tcsldwd~main/Main endpoint to reduce the exposure.
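As an added defender-side illustration, not code from SAP or from this advisory: a pre-parse gate that refuses any XML request body declaring a DOCTYPE or an entity, which is the parser-level mitigation for the XXE class described above. The element names and sample request bodies are constructed assumptions, not the real tcsldwd~main/Main message format.

```python
import xml.parsers.expat as expat
from xml.etree import ElementTree as ET


class UnsafeXmlRequest(ValueError):
    """Raised when an inbound XML body declares a DTD or any entity."""


def reject_dtd_and_entities(xml_bytes: bytes) -> None:
    """Pre-parse gate: abort on the first DOCTYPE or entity declaration.

    Expat delivers DTD callbacks before any element content, so a document
    is rejected before an entity could ever be resolved or expanded.
    """
    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise UnsafeXmlRequest(f"DOCTYPE {name!r} not allowed (system id {system_id!r})")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        raise UnsafeXmlRequest(f"entity declaration {name!r} not allowed")

    parser = expat.ParserCreate()
    # Never fetch or expand parameter entities (covers external DTD subsets).
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(xml_bytes, True)
    except expat.ExpatError as exc:
        raise UnsafeXmlRequest(f"malformed XML: {exc}") from None


def parse_request(xml_bytes: bytes) -> ET.Element:
    """Hand the body to the application parser only after the gate passes it."""
    reject_dtd_and_entities(xml_bytes)
    return ET.fromstring(xml_bytes)


def is_accepted(xml_bytes: bytes) -> bool:
    try:
        parse_request(xml_bytes)
        return True
    except UnsafeXmlRequest:
        return False


# Constructed sample request bodies (hypothetical, not from the advisory).
BENIGN = b'<?xml version="1.0"?><Main><action>list</action></Main>'
EXTERNAL_ENTITY = (b'<?xml version="1.0"?>'
                   b'<!DOCTYPE Main [<!ENTITY probe SYSTEM "http://intranet.invalid/">]>'
                   b'<Main>&probe;</Main>')
EXTERNAL_DTD = b'<!DOCTYPE Main SYSTEM "http://intranet.invalid/main.dtd"><Main/>'

if __name__ == "__main__":
    for body in (BENIGN, EXTERNAL_ENTITY, EXTERNAL_DTD):
        print(is_accepted(body), body[:48])
```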


Related Identifiers

BDU:2015-10467
CVE-2015-4091

Affected Products

Sap Netweaver As Java