ID CVE-2015-5068
Summary XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601. <a href="http://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>
References
Vulnerable Configurations
  • cpe:2.3:a:sap:mobile_platform:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:sap:mobile_platform:3.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 10-12-2018 - 19:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 75166
fulldisc 20150910 [ERPSCAN-15-014] SAP Mobile Platform 3 - XXE in Add Repository
misc
Last major update 10-12-2018 - 19:29
Published 24-06-2015 - 14:59
Last modified 10-12-2018 - 19:29
Back to Top