8 matches found
CVE-2020-6177
CVE-2020-6177 : SAP Mobile Platform 3.0 is affected by an input-validation issue where an XML document from an untrusted source can cause a partial denial of service. The records note that External-Entity resolving is not allowed, so there is no indicated risk of leaking server files. No exploita...
CVE-2015-2813
CVE-2015-2813: XXE vulnerability in SAP Mobile Platform. The SAP XML parser at /scc/messagebroker/http improperly processes user-supplied DTDs, enabling remote attackers to disclose information, DoS, or read local files. Affected versions include SAP Mobile Platform 2.2 and 2.3 (likely others). R...
CVE-2015-2818
CVE-2015-2818 describes an XML External Entity (XXE) vulnerability in SAP Mobile Platform 3. The issue arises from XXE processing in XML inputs, allowing a remote attacker to craft XML that can cause requests to internal/intranet servers. The vulnerability is associated with SAP Mobile Platform 3...
CVE-2015-6664
CVE-2015-6664 affects SAP Mobile Platform 2.3 and potentially others, with an XML External Entity (XXE) vulnerability in the application import feature. An attacker can read arbitrary files on the server by crafting XML data that leverages a DTD. Vulnerable component: the XML parser handling appl...
CVE-2015-5068
CVE-2015-5068 is an XXE vulnerability affecting SAP Mobile Platform 3 (and SAP NetWeaver AS Java 7.4 per ERPScan notes) where the XML parser validates incoming requests with a user-specified DTD. A crafted XML request (via Add Repository) can cause the server to read arbitrary files, enable DoS (...
CVE-2015-7731
SAP Mobile Platform 3.0 SP05 ClientHub has an information-disclosure flaw in the DataVault that could allow an attacker to obtain the keystream and other sensitive data. The issue is documented as SAP Security Note 2094830; the exact root cause and affected components are not fully detailed in th...
CVE-2015-8600
Summary (CVE-2015-8600) : The SysAdminWebTool servlets in SAP Mobile Platform are described as allowing remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have other impact via unknown vectors. The connected CNVD/CNVD-like records corroborate an authen...
CVE-2018-2459
CVE-2018-2459 affects SAP Mobile Platform 3.0 Offline OData applications using delta tokens by default. The offline OData delta token mechanism may return data values belonging to a different user, causing information disclosure. This is described across multiple sources (NVD/CNVD entries) with a...