CVE-2015-7968

Published: Mar 9, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI.

Affected (1)

Products: Sap: Netweaver Application Server

Sap

1 product

Netweaver Application Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver Application Server	Before 2183189

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://labs.integrity.pt/advisories/cve-2015-7968/

Source: cve@mitre.org

ExploitThird Party Advisory

https://labs.integrity.pt/advisories/cve-2015-7968/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.