Vulnerability Details : CVE-2015-1309
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638.
Vulnerability category: XML external entity (XXE) injection
Products affected by CVE-2015-1309
- cpe:2.3:a:sap:netweaver_abap:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1309
- 0.40%: probability of exploitation activity in the next 30 days
- ~ 70%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1309
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
References for CVE-2015-1309
- https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015/ (SAP Security Notes January 2015 - Review)
- https://erpscan.io/advisories/erpscan-15-001-sap-netweaver-ecatt_display_xmlstring_remote-xxe/ ([ERPSCAN-15-001] SAP NetWeaver ECATT_DISPLAY_XMLSTRING_REMOTE - XXE)