CVE-2015-4091
SAP NetWeaver AS Java 7.4 - XML External Entity Injection via CIM UPLOAD
Title source: llmDescription
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851.
References (5)
Core 5
Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/133122/SAP-NetWeaver-AS-Java-XXE-Injection.html
Third Party Advisory x_refsource_misc
https://erpscan.io/advisories/erpscan-15-013-sap-netweaver-as-java-cim-upload-xxe
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536239/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74850
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/May/96
Scores
EPSS
0.0096
EPSS Percentile
76.7%
Details
Status
published
Products (1)
sap/sap_netweaver_application_server_java
7.4
Published
May 26, 2015
Tracked Since
Feb 18, 2026