PT-2023-32590 · 52North · 52North Wps
Angel Heredia Perez
·
Publicado
2023-12-19
·
Atualizado
2024-08-02
·
CVE-2023-6280
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
52North WPS versions prior to 4.0.0-beta.11
Description
An XXE (XML External Entity) vulnerability has been detected, allowing the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network.
Recommendations
For versions prior to 4.0.0-beta.11, update to version 4.0.0-beta.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the WebProcessingService servlet until a patch is applied.
Correção
XXE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
52North Wps