ID CVE-2015-7241
Summary XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.
References
Vulnerable Configurations
  • cpe:2.3:a:sap:netweaver:-:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:-:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:6.4:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.0:ehp1:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.0:ehp1:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.0:ehp2:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.0:ehp2:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.0:ehp3:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.0:ehp3:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.0:sp15:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.0:sp15:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.0:sp8:*:*:*:*:*:*
    cpe:2.3:a:sap:netweaver:7.0:sp8:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 09-10-2018 - 19:58)
Impact:
Exploitability:
CWE CWE-611
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 76809
bugtraq 20150921 SAP Netwaver - XML External Entity Injection
exploit-db 38261
misc http://packetstormsecurity.com/files/133627/SAP-Netweaver-XML-External-Entity-Injection.html
vulnerable_product via4
  • cpe:2.3:a:sap:netweaver:-:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.0:ehp1:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.0:ehp2:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.0:ehp3:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.0:sp15:*:*:*:*:*:*
  • cpe:2.3:a:sap:netweaver:7.0:sp8:*:*:*:*:*:*
Last major update 09-10-2018 - 19:58
Published 06-09-2017 - 21:29
Back to Top