CVE-2020-7480

Name of the Vulnerable Software and Affected Versions Andover Continuum (All versions)

Description A code injection vulnerability exists due to improper control of generation of code, which could cause files on the application server filesystem to be viewable when an attacker interferes with an application's processing of XML data. This issue is related to the processing of XML data by the application, allowing a remote attacker to exploit the vulnerability and gain access to files on the server.

Recommendations For all versions, consider restricting access to the application's XML data processing functionality as a temporary workaround until a patch is available. Additionally, review the application's configuration to ensure that only necessary files and directories are accessible, minimizing the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.