CVE-2015-6664

XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2152227.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:mobile_platform:2.3:*:*:*:*:*:*:*

History

21 Nov 2024, 02:35

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/134509/SAP-Mobile-Platform-2.3-XXE-Injection.html - () http://packetstormsecurity.com/files/134509/SAP-Mobile-Platform-2.3-XXE-Injection.html -
References () http://seclists.org/fulldisclosure/2015/Nov/96 - () http://seclists.org/fulldisclosure/2015/Nov/96 -
References () http://www.securityfocus.com/archive/1/536954/100/0/threaded - () http://www.securityfocus.com/archive/1/536954/100/0/threaded -
References () https://erpscan.io/advisories/erpscan-15-020-sap-mobile-platform-2-3-xxe-in-application-import/ - () https://erpscan.io/advisories/erpscan-15-020-sap-mobile-platform-2-3-xxe-in-application-import/ -

Information

Published : 2015-08-24 14:59

Updated : 2024-11-21 02:35


NVD link : CVE-2015-6664

Mitre link : CVE-2015-6664

CVE.ORG link : CVE-2015-6664


JSON object : View

Products Affected

sap

  • mobile_platform