CVE-2015-2812
SAP NetWeaver Enterprise Portal 7.31.201109172004 - XML External Entity Injection in XMLValidationComponent
Title source: llmDescription
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535826/100/800/threaded
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jun/62
Third Party Advisory x_refsource_misc
https://erpscan.io/advisories/erpscan-15-004-sap-netweaver-portal-xmlvalidationcomponent-xxe/
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/132356/SAP-NetWeaver-Portal-7.31-XXE-Injection.html
Scores
EPSS
0.0057
EPSS Percentile
68.8%
Details
Status
published
Products (1)
sap/netweaver_enterprise_portal
7.31
Published
Apr 01, 2015
Tracked Since
Feb 18, 2026