Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1309

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2015-1309
Last Modified 25 Jan 2015 08:42:56
Published 22 Jan 2015 11:59:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1309

Summary

XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638.

Vulnerable Systems

Application

  • Sap Netweaver Abap 7.31


References

SECUNIA - 62469

MISC - http://erpscan.com/press-center/blog/sap-critical-patch-update-january-2015/

MISC - http://erpscan.com/advisories/erpscan-15-001-sap-netweaver-ecatt_display_xmlstring_remote-xxe/


Last Updated: 27 May 2016 10:38:13