Vulnerability Details : CVE-2015-2813
XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358.
Vulnerability category: XML external entity (XXE) injection
Products affected by CVE-2015-2813
- cpe:2.3:a:sap:mobile_platform:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-2813
0.38%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-2813
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2015-2813
-
http://packetstormsecurity.com/files/132357/SAP-Mobile-Platform-2.3-XXE-Injection.html
SAP Mobile Platform 2.3 XXE Injection ≈ Packet Storm
-
http://www.securityfocus.com/archive/1/535828/100/800/threaded
SecurityFocus
-
http://www.securityfocus.com/bid/73692
SAP Mobile Platform CVE-2015-2813 XML External Entity Injection Vulnerability
-
http://seclists.org/fulldisclosure/2015/Jun/63
Full Disclosure: ERPSCAN Research Advisory [ERPSCAN-15-005] SAP Mobile Platform - XXE
-
https://erpscan.io/advisories/erpscan-15-005-sap-mobile-platform-xxe/
[ERPSCAN-15-005] SAP Mobile Platform - XXE
Jump to