PT-2015-5907 · Sap · Sap Netweaver Portal

Vahagn Vardanyan

Published

2015-04-01

Updated

2018-12-10

CVE-2015-2812

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Portal version 7.31.201109172004

Description The issue allows remote attackers to send requests to intranet servers via crafted XML, exploiting an XML external entity (XXE) vulnerability in the XMLValidationComponent.

Recommendations For SAP NetWeaver Portal version 7.31.201109172004, apply the fix as described in SAP Security Note 2093966 to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2015-2812

Affected Products

Sap Netweaver Portal

PT-2015-5907 · Sap · Sap Netweaver Portal

CVE-2015-2812

Related Identifiers

Affected Products

References · 5