SAP Mobile Platform version 2.3 suffers from an XML external entity injection vulnerability.