CVE-2015-2813

Опубликовано: 01 апр. 2015

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358.

Комментарий

CWE-611: Improper Restriction of XML External Entity Reference ('XXE')

Ссылки

http://packetstormsecurity.com/files/132357/SAP-Mobile-Platform-2.3-XXE-Injection.html
http://seclists.org/fulldisclosure/2015/Jun/63
http://www.securityfocus.com/archive/1/535828/100/800/threaded
http://www.securityfocus.com/bid/73692
https://erpscan.io/advisories/erpscan-15-005-sap-mobile-platform-xxe/
http://packetstormsecurity.com/files/132357/SAP-Mobile-Platform-2.3-XXE-Injection.html
http://seclists.org/fulldisclosure/2015/Jun/63
http://www.securityfocus.com/archive/1/535828/100/800/threaded
http://www.securityfocus.com/bid/73692
https://erpscan.io/advisories/erpscan-15-005-sap-mobile-platform-xxe/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:mobile_platform:*:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.0054

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-6rwm-qc5f-6qgc

github

больше 3 лет назад