← back
CVE-2015-2811

CVE-2015-2811

EPSS 2.4%
XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/132358/SAP-NetWeaver-Portal-7.31-XXE-Injection.htmlhttp://seclists.org/fulldisclosure/2015/Jun/64https://erpscan.io/advisories/erpscan-15-006-sap-netweaver-portal-reportxmlviewer-xxe/http://www.securityfocus.com/archive/1/535827/100/800/threadedhttp://www.securityfocus.com/bid/73691