Lucene search

[email protected]NVD:CVE-2015-2811

HistoryApr 01, 2015 - 2:59 p.m.

CVE-2015-2811

2015-04-0114:59:09

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.004

Percentile

72.9%

JSON

XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.

Affected configurations

Nvd

Node

sapnetweaver_enterprise_portalMatch7.31

VendorProductVersionCPE
sapnetweaver_enterprise_portal7.31cpe:2.3:a:sap:netweaver_enterprise_portal:7.31:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	netweaver_enterprise_portal	7.31	cpe:2.3:a:sap:netweaver_enterprise_portal:7.31:::::::*

References

packetstormsecurity.com/files/132358/SAP-NetWeaver-Portal-7.31-XXE-Injection.html

seclists.org/fulldisclosure/2015/Jun/64

www.securityfocus.com/archive/1/535827/100/800/threaded

www.securityfocus.com/bid/73691

erpscan.io/advisories/erpscan-15-006-sap-netweaver-portal-reportxmlviewer-xxe/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.004

Percentile

72.9%

JSON

Related for NVD:CVE-2015-2811

cvelist1 cve1 prion1 securityvulns2 erpscan1 kaspersky1