CVE-2015-5068
SAP Mobile Platform 3 - XML External Entity Injection via Crafted XML Request
Title source: llmDescription
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601.
References (5)
Core 5
Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/133514/SAP-Mobile-Platform-3-XXE-Injection.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75166
Third Party Advisory x_refsource_misc
https://erpscan.io/advisories/erpscan-15-014-sap-mobile-platform-3-xxe-in-add-repository/
Vendor Advisory x_refsource_misc
http://scn.sap.com/community/security/blog/2015/06/11/sap-security-notes-june-2015
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Sep/36
Scores
EPSS
0.0096
EPSS Percentile
76.7%
Details
Status
published
Products (1)
sap/mobile_platform
3.0
Published
Jun 24, 2015
Tracked Since
Feb 18, 2026