CVE-2020-12684

Name of the Vulnerable Software and Affected Versions i-net Clear Reports versions 19.0.287

Description The issue occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser, allowing XXE injection. This can happen in i-net Clear Reports 2019, as used in i-net HelpDesk and other products.

Recommendations For version 19.0.287, consider reconfiguring the XML parser to properly handle external entities and prevent XXE injection. As a temporary workaround, restrict the processing of XML input containing external entity references until a more secure configuration or update is available.