PT-2018-5260 · Commsy · Commsy
Prodigysml
·
Publicado
2018-01-03
·
Atualizado
2018-01-17
·
CVE-2017-1000496
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Commsy version 9.0.0
Description
The issue affects the configuration import functionality, making it vulnerable to XXE attacks. This can result in denial of service and possibly allow remote execution of code.
Recommendations
For Commsy version 9.0.0, update to a version that fixes this issue to prevent XXE attacks and potential remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XXE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Commsy