SAP · SAP NetWeaver Application Server ABAP · CVE-2015-7968
Name of the Vulnerable Software and Affected Versions:
SAP NetWeaver Application Server before Security Note 2183189
Description:
The issue allows XML External Entity (XXE) attacks for local file inclusion via the "sap/bc/ui2/nwbc/nwbc_ext2int/" URI, which can be exploited to access local files.
Recommendations:
Apply Security Note 2183189 to resolve the issue on affected SAP NetWeaver Application Server systems. As a temporary workaround, consider restricting access to the "sap/bc/ui2/nwbc/nwbc_ext2int/" URI to minimize the risk of exploitation.