CVE-2015-6662

Published: Aug 24, 2015Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.

Affected (1)

Products: Sap: Netweaver

Sap

1 product

Netweaver

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver	Version 7.40

References (8)

http://packetstormsecurity.com/files/134507/SAP-NetWeaver-7.4-XXE-Injection.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2015/Nov/92

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/536957/100/0/threaded

Source: cve@mitre.org

https://erpscan.io/advisories/erpscan-15-018-sap-netweaver-7-4-xxe/

Source: cve@mitre.org

http://packetstormsecurity.com/files/134507/SAP-NetWeaver-7.4-XXE-Injection.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2015/Nov/92

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/536957/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

https://erpscan.io/advisories/erpscan-15-018-sap-netweaver-7-4-xxe/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.