5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
70.5%
Application: Mobile Platform Vendor URL:http://www.sap.com **Bugs:**XML External Entity **Reported:**06.11.2014 **Vendor response:**07.11.2014 **Date of Public Advisory:**15.02.2015 **Reference:**SAP Security Note 2125358 Authors: Dmitry Chastukhin (ERPScan)
VULNERABILITY INFORMATION
Class: XML External Entity [CWE-611]
Impact: information disclosure, denial of service, read file
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-2813
Business Risk
It is possible for attackers to send any packet to any port of any system including localhost.
It means that it is possible, for example, to send any administrative command to Gateway or Message Server because the source of the packet will be localhost, and there are no restrictions for localhost. Another example is an attack on other interfaces.
Description
SAP XML parser validates all incoming XML requests with user specified DTD.
VULNERABLE PACKAGES
SAP Mobile Platform 2.2
SAP Mobile Platform 2.3
Other versions are probably affected too, but they were not checked.
SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, install SAP Security Note 2125358 or:
TECHNICAL DESCRIPTION
SAP XML parser (/scc/messagebroker/http) validates all incoming XML requests with a user-specified DTD.
Defense
To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: