CVE-2015-6662

Name of the Vulnerable Software and Affected Versions SAP NetWeaver versions 7.4

Description The issue exists due to a lack of access restrictions to external objects contained in links within a processed XML file. This can be exploited by a remote attacker to cause a denial of service or trigger access to an external resource using a specially crafted XML file. The vulnerability also allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data.

Recommendations For SAP NetWeaver version 7.4, apply the fix as described in SAP Security Note 2168485 to resolve the issue. As a temporary workaround, consider restricting access to external entities in XML files to minimize the risk of exploitation.