Vulnerabilities > CVE-2015-4091 - XML External Entity Injection vulnerability in SAP Netweaver Application Server Java 7.4
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://packetstormsecurity.com/files/133122/SAP-NetWeaver-AS-Java-XXE-Injection.html
- http://seclists.org/fulldisclosure/2015/May/96
- http://www.securityfocus.com/archive/1/536239/100/0/threaded
- http://www.securityfocus.com/bid/74850
- https://erpscan.io/advisories/erpscan-15-013-sap-netweaver-as-java-cim-upload-xxe