CVE-2015-2811
https://notcve.org/view.php?id=CVE-2015-2811
XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939. Vulnerabilidad de entidad externa XML (XXE) en ReportXmlViewer en SAP NetWeaver Portal 7.31.201109172004 permite a atacantes remotos enviar solicitudes a servidores de intranet a través de XML manipulado, también conocido como la nota de seguridad de SAP Security 2111939. • http://packetstormsecurity.com/files/132358/SAP-NetWeaver-Portal-7.31-XXE-Injection.html http://seclists.org/fulldisclosure/2015/Jun/64 http://www.securityfocus.com/archive/1/535827/100/800/threaded http://www.securityfocus.com/bid/73691 https://erpscan.io/advisories/erpscan-15-006-sap-netweaver-portal-reportxmlviewer-xxe •
CVE-2015-2812
https://notcve.org/view.php?id=CVE-2015-2812
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966. Vulnerabilidad de entidad externa XML (XXE) en XMLValidationComponent en SAP NetWeaver Portal 7.31.201109172004 permite a atacantes remotos enviar solicitudes a servidores de intranet a través de XML manipulado, también conocido como la nota de seguridad de SAP 2093966. • http://packetstormsecurity.com/files/132356/SAP-NetWeaver-Portal-7.31-XXE-Injection.html http://seclists.org/fulldisclosure/2015/Jun/62 http://www.securityfocus.com/archive/1/535826/100/800/threaded https://erpscan.io/advisories/erpscan-15-004-sap-netweaver-portal-xmlvalidationcomponent-xxe •