PT-2013-1309 · Vertiv · Liebert Sitescan

Evgeniy Ermakov +1 · Published 2013-10-03 · Updated 2017-03-02 · CVE-2016-8348

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Liebert SiteScan versions prior to 6.5

Description

The issue is an XML External Entity (XXE) vulnerability caused by improper restriction of XML external entity references. A remote attacker can use specially crafted XML requests to gain access to confidential information. Malicious input submitted to Liebert SiteScan through a weakly configured XML parser may cause the application to execute arbitrary code or disclose file contents from the server or connected network.

Recommendations

For versions prior to 6.5, consider disabling the XML parser or restricting its use until a patch is available to prevent exploitation of the XXE issue. Restrict access to the Liebert SiteScan web interface to minimize the risk of exploitation. Avoid using weakly configured XML parsers in the Liebert SiteScan application until the issue is resolved.
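
A compensating control in the spirit of the recommendations above, as an added example (not Vertiv's code and not part of the original advisory): a Python screen that refuses any XML body declaring a DTD before it is handed to an application parser. The function name screen_xml and the sample bodies are assumptions constructed for illustration; the advisory does not describe SiteScan's request format.

```python
"""Pre-parse screen for XML request bodies: refuse anything that declares a DTD."""
import xml.parsers.expat as expat


class RejectedXML(Exception):
    """Raised from an expat handler to abort parsing of a refused document."""


def screen_xml(body: bytes):
    """Return (allowed, reason). No entity is expanded and nothing is fetched."""
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Fires before any <!ENTITY ...> declaration is processed, so
        # aborting here means no entity is ever defined or resolved.
        where = "external" if (system_id or public_id) else "internal"
        raise RejectedXML(f"DOCTYPE '{name}' declared ({where} subset)")

    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(body, True)
    except RejectedXML as exc:
        return False, str(exc)
    except expat.ExpatError as exc:
        return False, f"not well-formed: {exc}"
    return True, "ok"


# Constructed sample bodies (not captured SiteScan traffic).
BENIGN = b"<status><point id='1'>72.5</point></status>"
WITH_DTD = (b'<!DOCTYPE status [<!ENTITY e SYSTEM "file:///constructed/placeholder">]>'
            b"<status>&e;</status>")
# Same document re-encoded as UTF-16: a byte-level match on b"<!DOCTYPE" would
# not see it, but the parser decodes it first and the handler still fires.
WITH_DTD_UTF16 = WITH_DTD.decode("ascii").encode("utf-16")

if __name__ == "__main__":
    for label, body in [("benign", BENIGN), ("dtd", WITH_DTD),
                        ("dtd-utf16", WITH_DTD_UTF16), ("broken", b"<a><b></a>")]:
        print(label, screen_xml(body))
```

Rejecting on the DOCTYPE event rather than on a string match keeps the decision inside a real parser, so alternate encodings are judged the same way as plain ASCII input.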

Fix

XXE

Weakness Enumeration

Related Identifiers

BDU:2017-02208
CVE-2016-8348

Affected Products

Liebert Sitescan