4 matches found
SAP NetWeaver 7.4 XXE Injection Vulnerability
SAP NetWeaver version 7.4 suffers from an XML external entity injection vulnerability. Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4, probably others Vendor URL: http://SAP.com Bugs: XML External Entity Send: 16.04.2015 Reported: 16.04.2015 Vendor response: 16.04.2015 Date of...
SAP NetWeaver 7.4 XXE Injection
Application: SAP NetWeaver Versions Affected: SAP NetWeaver 7.4, probably others Vendor URL: http://SAP.com Bugs: XML External Entity Send: 16.04.2015 Reported: 16.04.2015 Vendor response: 16.04.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2168485 Author: Roman Bezhan...
CVE-2015-6662
CVE-2015-6662 describes an XML External Entity (XXE) vulnerability in SAP NetWeaver Portal 7.4. The exposed component is the SAP NetWeaver Portal XML parser handling admin-import functionality (prtroot/com.sap.portal.landscape.access.LSXMLParse). A crafted XML payload can trigger XXE to read arbi...
SAP NetWeaver 7.4 - XXE
Application: SAP NetWeaver Portal 7.4 Vendor URL: http://www.sap.com Bugs: XML eXternal Entity Reported: 16.04.2015 Vendor response: 17.04.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2168485 Authors: Roman Bezhan ERPScan VULNERABILITY INFORMATION Class: XML External Enti...