CVE-2015-6664

Published: Aug 24, 2015Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2152227.

Affected (1)

Products: Sap: Mobile Platform

1 product

Mobile Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Mobile Platform	Version 2.3

References (8)

http://packetstormsecurity.com/files/134509/SAP-Mobile-Platform-2.3-XXE-Injection.html

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2015/Nov/96

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/536954/100/0/threaded

Source: cve@mitre.org

https://erpscan.io/advisories/erpscan-15-020-sap-mobile-platform-2-3-xxe-in-application-import/

Source: cve@mitre.org

http://packetstormsecurity.com/files/134509/SAP-Mobile-Platform-2.3-XXE-Injection.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2015/Nov/96

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/536954/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

https://erpscan.io/advisories/erpscan-15-020-sap-mobile-platform-2-3-xxe-in-application-import/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.