CVE-2015-2811

Published: Apr 1, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.

Affected (1)

Products: Sap: Netweaver Enterprise Portal

Sap

1 product

Netweaver Enterprise Portal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver Enterprise Portal	Version 7.31

References (10)

http://packetstormsecurity.com/files/132358/SAP-NetWeaver-Portal-7.31-XXE-Injection.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2015/Jun/64

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/535827/100/800/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/73691

Source: cve@mitre.org

https://erpscan.io/advisories/erpscan-15-006-sap-netweaver-portal-reportxmlviewer-xxe/

Source: cve@mitre.org

http://packetstormsecurity.com/files/132358/SAP-NetWeaver-Portal-7.31-XXE-Injection.html