XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.
https://erpscan.io/advisories/erpscan-15-006-sap-netweaver-portal-reportxmlviewer-xxe/
http://www.securityfocus.com/bid/73691
http://www.securityfocus.com/archive/1/535827/100/800/threaded
http://seclists.org/fulldisclosure/2015/Jun/64
http://packetstormsecurity.com/files/132358/SAP-NetWeaver-Portal-7.31-XXE-Injection.html