Vulnerabilities > CVE-2015-2818 - XML External Entity Injection vulnerability in SAP Mobile Platform 3.0

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2015-04-01

Updated: 2018-12-10

Summary

XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513. <a href="http://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Mobile Platform 3.0	1

References

http://www.securityfocus.com/bid/73896
https://erpscan.io/advisories/erpscan-15-011-sap-mobile-platform-xxe