PT-2015-5906 · Sap · Sap Netweaver Portal

Vahagn Vardanyan

Published

2015-04-01

Updated

2018-12-10

CVE-2015-2811

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Portal version 7.31.201109172004

Description The issue allows remote attackers to send requests to intranet servers via crafted XML. This is related to an XML external entity (XXE) vulnerability in ReportXmlViewer.

Recommendations For SAP NetWeaver Portal version 7.31.201109172004, apply the fix as described in SAP Security Note 2111939 to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2015-2811

Affected Products

Sap Netweaver Portal

PT-2015-5906 · Sap · Sap Netweaver Portal

CVE-2015-2811

Related Identifiers

Affected Products

References · 6