ID CVE-2015-6664
Summary XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2152227.
CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (http://cwe.mitre.org/data/definitions/611.html)
References
Vulnerable Configurations
  • cpe:2.3:a:sap:mobile_platform:2.3:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 10-12-2018 - 19:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20151123 [ERPSCAN-15-020] SAP Mobile Platform 2.3 - XXE in application import
fulldisc 20151124 [ERPSCAN-15-020] SAP Mobile Platform 2.3 - XXE in application import
misc
Last major update 10-12-2018 - 19:29
Published 24-08-2015 - 14:59
Last modified 10-12-2018 - 19:29