Vulnerabilities > CVE-2015-7968 - XXE vulnerability in SAP Netweaver Application Server

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

CWE-611

NVD

Published: 2020-03-09

Updated: 2020-03-10

Summary

nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Netweaver Application Server *	1

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://labs.integrity.pt/advisories/cve-2015-7968/