CVE-2015-6664
First published: Mon Aug 24 2015(Updated: )
XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2152227.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Mobile Platform SDK | =2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-6664?
CVE-2015-6664 has a medium severity rating due to its potential impact on confidentiality through arbitrary file reading.
How can I mitigate CVE-2015-6664?
Mitigation for CVE-2015-6664 involves validating XML input and disabling external entity processing in the application.
What systems are affected by CVE-2015-6664?
CVE-2015-6664 affects SAP Mobile Platform version 2.3.
Can CVE-2015-6664 lead to remote code execution?
CVE-2015-6664 does not directly lead to remote code execution but can allow reading sensitive files which may lead to further compromise.
Is there a patch available for CVE-2015-6664?
Yes, SAP has provided security updates to address CVE-2015-6664 as mentioned in SAP Security Note 2152227.
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap mobile platform sdk
- version/sap mobile platform sdk/2.3