CVE-2015-6662
SAP NetWeaver 7.4 XXE Injection
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.
Vulnerabilidad de entidad externa XML (XXE) en SAP NetWeaver Portal 7.4, permite a atacantes remotos leer archivos arbitrarios o posiblemente tener otro impacto no especificado a través de datos XML manipulados, también conocida como SAP Security Note 2168485.
SAP NetWeaver version 7.4 suffers from an XML external entity injection vulnerability.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-08-24 CVE Reserved
- 2015-08-24 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/134507/SAP-NetWeaver-7.4-XXE-Injection.html | X_refsource_misc |
|
| http://seclists.org/fulldisclosure/2015/Nov/92 | Mailing List |
|
| http://www.securityfocus.com/archive/1/536957/100/0/threaded | Mailing List | |
| https://erpscan.io/advisories/erpscan-15-018-sap-netweaver-7-4-xxe | X_refsource_misc |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|