PT-2015-2046 · Sap · Sap Mobile Platform+1

Vahagn Vardanyan · Published 2015-05-13 · Updated 2018-12-10 · CVE-2015-6664

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SAP Afaria (affected versions not specified)
SAP Mobile Platform version 2.3

Description

The issue allows a remote attacker to inject arbitrary JavaScript code by sending a specially crafted request to the Xcomms network service. Additionally, there is an XML external entity (XXE) vulnerability in the application import functionality, which enables remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data.

Recommendations

For SAP Afaria, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For SAP Mobile Platform version 2.3, consider restricting the application import functionality to minimize the risk of exploitation until a patch is available.

XSS


Weakness Enumeration

Related Identifiers

BDU:2015-11392
CVE-2015-6664

Affected Products

Sap Afaria
Sap Mobile Platform