Lucene search
K
SapMobile Platform

8 matches found

CVE
CVE
added 2020/02/12 7:45 p.m.64 views

CVE-2020-6177

CVE-2020-6177 : SAP Mobile Platform 3.0 is affected by an input-validation issue where an XML document from an untrusted source can cause a partial denial of service. The records note that External-Entity resolving is not allowed, so there is no indicated risk of leaking server files. No exploita...

4.3CVSS4.5AI score0.00847EPSS
CVE
CVE
added 2015/04/01 2:0 p.m.60 views

CVE-2015-2813

CVE-2015-2813: XXE vulnerability in SAP Mobile Platform. The SAP XML parser at /scc/messagebroker/http improperly processes user-supplied DTDs, enabling remote attackers to disclose information, DoS, or read local files. Affected versions include SAP Mobile Platform 2.2 and 2.3 (likely others). R...

5CVSS6.7AI score0.01642EPSS
CVE
CVE
added 2015/04/01 2:0 p.m.57 views

CVE-2015-2818

CVE-2015-2818 describes an XML External Entity (XXE) vulnerability in SAP Mobile Platform 3. The issue arises from XXE processing in XML inputs, allowing a remote attacker to craft XML that can cause requests to internal/intranet servers. The vulnerability is associated with SAP Mobile Platform 3...

5CVSS6.8AI score0.01135EPSS
CVE
CVE
added 2015/08/24 2:0 p.m.52 views

CVE-2015-6664

CVE-2015-6664 affects SAP Mobile Platform 2.3 and potentially others, with an XML External Entity (XXE) vulnerability in the application import feature. An attacker can read arbitrary files on the server by crafting XML data that leverages a DTD. Vulnerable component: the XML parser handling appl...

6.8CVSS7.1AI score0.01635EPSS
CVE
CVE
added 2015/06/24 2:0 p.m.51 views

CVE-2015-5068

CVE-2015-5068 is an XXE vulnerability affecting SAP Mobile Platform 3 (and SAP NetWeaver AS Java 7.4 per ERPScan notes) where the XML parser validates incoming requests with a user-specified DTD. A crafted XML request (via Add Repository) can cause the server to read arbitrary files, enable DoS (...

7.5CVSS7.2AI score0.02885EPSS
Web
CVE
CVE
added 2021/08/09 6:3 p.m.51 views

CVE-2015-7731

SAP Mobile Platform 3.0 SP05 ClientHub has an information-disclosure flaw in the DataVault that could allow an attacker to obtain the keystream and other sensitive data. The issue is documented as SAP Security Note 2094830; the exact root cause and affected components are not fully detailed in th...

5.5CVSS5.3AI score0.00247EPSS
CVE
CVE
added 2015/12/17 7:0 p.m.50 views

CVE-2015-8600

Summary (CVE-2015-8600) : The SysAdminWebTool servlets in SAP Mobile Platform are described as allowing remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have other impact via unknown vectors. The connected CNVD/CNVD-like records corroborate an authen...

7.5CVSS7.7AI score0.01425EPSS
CVE
CVE
added 2018/09/11 3:0 p.m.44 views

CVE-2018-2459

CVE-2018-2459 affects SAP Mobile Platform 3.0 Offline OData applications using delta tokens by default. The offline OData delta token mechanism may return data values belonging to a different user, causing information disclosure. This is described across multiple sources (NVD/CNVD entries) with a...

7.5CVSS7.5AI score0.01728EPSS