Vulnerabilities > CVE-2015-7241 - XXE vulnerability in SAP Netweaver 4.0/6.4/7.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
sap
CWE-611
exploit available

Summary

XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.

Vulnerable Configurations

Part Description Count
Application
Sap
9

Exploit-Db

descriptionSAP Netweaver < 7.01 - XML External Entity Injection. CVE-2015-7241. Webapps exploit for xml platform
fileexploits/xml/webapps/38261.txt
idEDB-ID:38261
last seen2016-02-04
modified2015-09-22
platformxml
port
published2015-09-22
reporterLukasz Miedzinski
sourcehttps://www.exploit-db.com/download/38261/
titleSAP Netweaver < 7.01 - XML External Entity Injection
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/133627/sapnetweaver-xxe.txt
idPACKETSTORM:133627
last seen2016-12-05
published2015-09-21
reporterLukasz Miedzinski
sourcehttps://packetstormsecurity.com/files/133627/SAP-Netweaver-XML-External-Entity-Injection.html
titleSAP Netweaver XML External Entity Injection