Описание
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tcsldwd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851.
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tcsldwd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-4091
- https://erpscan.io/advisories/erpscan-15-013-sap-netweaver-as-java-cim-upload-xxe
- http://packetstormsecurity.com/files/133122/SAP-NetWeaver-AS-Java-XXE-Injection.html
- http://seclists.org/fulldisclosure/2015/May/96
- http://www.securityfocus.com/archive/1/536239/100/0/threaded
- http://www.securityfocus.com/bid/74850
EPSS
CVE ID
Связанные уязвимости
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851.
Уязвимость сервера приложений SAP NetWeaver Application Server, позволяющая нарушителю нарушить безопасность информации
EPSS