52North · 52North Wps · CVE-2023-6280
**Name of the Vulnerable Software and Affected Versions**
52North WPS versions prior to 4.0.0-beta.11
**Description**
An XXE (XML External Entity) vulnerability has been detected, allowing the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network.
**Recommendations**
For versions prior to 4.0.0-beta.11, update to version 4.0.0-beta.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the WebProcessingService servlet until a patch is applied.