PT-2017-9590 · Huawei · Huawei Anyoffice

Published

2017-04-02

Updated

2017-04-05

CVE-2016-8275

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Huawei AnyOffice version V200R006C00

Description The issue allows an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb.

Recommendations For version V200R006C00, consider restricting the upload of XML files or implementing validation checks to prevent XML bombs until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2016-8275

Affected Products

Huawei Anyoffice

PT-2017-9590 · Huawei · Huawei Anyoffice

CVE-2016-8275

Weakness Enumeration

Related Identifiers

Affected Products

References · 4