Description
XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.
References (4)
Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/134507/SAP-NetWeaver-7.4-XXE-Injection.html
Third Party Advisory x_refsource_misc
https://erpscan.io/advisories/erpscan-15-018-sap-netweaver-7-4-xxe/
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Nov/92
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536957/100/0/threaded
Scores
EPSS
0.0064
EPSS Percentile
70.7%
Details
Status
published
Products (1)
sap/netweaver
7.40
Published
Aug 24, 2015
Tracked Since
Feb 18, 2026