CVE-2015-2811
SAP NetWeaver Portal 7.31.201109172004 - XML External Entity Injection in ReportXmlViewer
Title source: llmDescription
XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.
References (5)
Core 5
Core References
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jun/64
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535827/100/800/threaded
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/132358/SAP-NetWeaver-Portal-7.31-XXE-Injection.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/73691
Third Party Advisory x_refsource_misc
https://erpscan.io/advisories/erpscan-15-006-sap-netweaver-portal-reportxmlviewer-xxe/
Scores
EPSS
0.0066
EPSS Percentile
71.2%
Details
Status
published
Products (1)
sap/netweaver_enterprise_portal
7.31
Published
Apr 01, 2015
Tracked Since
Feb 18, 2026