CVE-2015-6664
SAP Mobile Platform 2.3 - XML External Entity Injection in Application Import
Title source: llmDescription
XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2152227.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://erpscan.io/advisories/erpscan-15-020-sap-mobile-platform-2-3-xxe-in-application-import/
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/536954/100/0/threaded
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Nov/96
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/134509/SAP-Mobile-Platform-2.3-XXE-Injection.html
Scores
EPSS
0.0064
EPSS Percentile
70.7%
Details
Status
published
Products (1)
sap/mobile_platform
2.3
Published
Aug 24, 2015
Tracked Since
Feb 18, 2026