PT-2021-12638 · Unknown · Callback Assist

Ben Leonard-Lagarde

Published

2021-04-23

Updated

2021-04-30

CVE-2020-7036

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Callback Assist versions 4.0.x before 4.7.1.1 Patch 7

Description: An XML External Entities (XXE) issue could allow an authenticated, remote attacker to gain read access to information stored on an affected system.

Recommendations: For versions 4.0.x before 4.7.1.1 Patch 7, update to version 4.7.1.1 Patch 7 or later to resolve the issue.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2020-7036

Affected Products

Callback Assist

PT-2021-12638 · Unknown · Callback Assist

CVE-2020-7036

Weakness Enumeration

Related Identifiers

Affected Products

References · 3