Lucene search

[email protected]NVD:CVE-2015-2812

HistoryApr 01, 2015 - 2:59 p.m.

CVE-2015-2812

2015-04-0114:59:11

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.004

Percentile

73.8%

JSON

XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.

Affected configurations

Nvd

Node

sapnetweaver_enterprise_portalMatch7.31

VendorProductVersionCPE
sapnetweaver_enterprise_portal7.31cpe:2.3:a:sap:netweaver_enterprise_portal:7.31:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	netweaver_enterprise_portal	7.31	cpe:2.3:a:sap:netweaver_enterprise_portal:7.31:::::::*

References

packetstormsecurity.com/files/132356/SAP-NetWeaver-Portal-7.31-XXE-Injection.html

seclists.org/fulldisclosure/2015/Jun/62

www.securityfocus.com/archive/1/535826/100/800/threaded

erpscan.io/advisories/erpscan-15-004-sap-netweaver-portal-xmlvalidationcomponent-xxe/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.004

Percentile

73.8%

JSON

Related for NVD:CVE-2015-2812

cve1 securityvulns2 cvelist1 erpscan1 prion1 kaspersky1