Close

HAVE QUESTIONS?

A partner account manager can help. Contact us today.

[ERPSCAN-15-011] SAP Mobile Platform – XXE

Application: Mobile Platform 3
Vendor URL: http://www.sap.com
Bugs: XML External Entity
Reported: 29.12.2014
Vendor response: 30.12.2014
Date of Public Advisory: 15.03.2015
Reference: SAP Security Note 2125513
Authors: Vahagn Vardanyan (ERPScan)

VULNERABILITY INFORMATION
Class: XML External Entity [CWE-611]
Impact: XML external entity, information disclosure, denial of service
Remotely Exploitable: Yes
Locally Exploitable: No

Business Risk
It is possible for attackers to send any packets to any port of any system including localhost.
It means that it is possible, for example, to send any administrative command to Gateway or Message Server because the source of the packet will be localhost, and there are no restrictions for localhost.

Description
SAP XML parser validates all incoming XML requests with a user-specified DTD.

VULNERABLE PACKAGES
SAP Mobile Platform 3.0
Other versions are probably affected too, but they were not checked.

SOLUTIONS AND WORKAROUNDS
To correct this vulnerability, install SAP Security Note 2125513.

TECHNICAL DESCRIPTION
SAP XML parser validates all incoming XML requests with a user-specified DTD.

Defense
To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: