Published: 24/06/2015 Updated: 10/12/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote malicious users to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sap mobile platform 3.0

SAP NetWeaver AS Java version 74 suffers from multiple XXE vulnerabilities An attacker can read an arbitrary file on a server by sending a correct XML request with a crafted DTD and reading the response from the service An attacker can perform a DoS attack (for example, XML Entity Expansion) An SMB Relay attack is a type of Man-in-the-Middle at ...

NVD-CWE-Other http://scn.sap.com/community/security/blog/2015/06/11/sap-security-notes-june-2015 http://www.securityfocus.com/bid/75166 http://seclists.org/fulldisclosure/2015/Sep/36 http://packetstormsecurity.com/files/133514/SAP-Mobile-Platform-3-XXE-Injection.html https://erpscan.io/advisories/erpscan-15-014-sap-mobile-platform-3-xxe-in-add-repository/https://nvd.nist.gov https://packetstormsecurity.com/files/133514/SAP-Mobile-Platform-3-XXE-Injection.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-5068

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect