CVE-2015-0923

Name of the Vulnerable Software and Affected Versions Ektron Content Management System (CMS) versions 8.5 through 8.7 before 8.7sp2 Ektron Content Management System (CMS) version 9.0 before sp1

Description The issue allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue.

Recommendations For Ektron Content Management System (CMS) versions 8.5 through 8.7 before 8.7sp2, update to version 8.7sp2 or later. For Ektron Content Management System (CMS) version 9.0 before sp1, update to version 9.0 sp1 or later.