CVE-2017-13706

Name of the Vulnerable Software and Affected Versions Lansweeper versions prior to 6.0.100.67

Description The issue allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request. This is due to an XML external entity (XXE) vulnerability in the import package functionality of the deployment module.

Recommendations For versions prior to 6.0.100.67, update to version 6.0.100.67 or later to resolve the issue. As a temporary workaround, consider restricting access to the import package functionality in the deployment module to minimize the risk of exploitation.