Vulnerability Description
XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | NetWeaver ABAP | <= 7.31 |
References
- http://secunia.com/advisories/62469
- https://erpscan.io/advisories/erpscan-15-001-sap-netweaver-ecatt_display_xmlstri
- https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015/
FAQ
What is CVE-2015-1309?
CVE-2015-1309 is a vulnerability with a CVSS score of 5.0 (MEDIUM). XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request...
How severe is CVE-2015-1309?
CVE-2015-1309 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-1309?
Check the references section above for vendor advisories and patch information. Affected products include: SAP NetWeaver ABAP.