PT-2022-21961 · Unit4 · Unit4 Erp
Alexis Vanden Eijnde · Published 2022-07-19 · Updated 2022-07-27
CVE-2022-34001 · CVSS v3.1 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Unit4 ERP versions through 7.9
Description
Unit4 ERP is vulnerable to XXE (XML External Entity) attacks via the ExecuteServerProcessAsynchronously function. A successful attack can lead to unauthorized disclosure of sensitive data.
Recommendations
For versions through 7.9, consider disabling the ExecuteServerProcessAsynchronously function as a temporary workaround until a patch is available. Restrict access to sensitive data and modules that utilize this function to minimize the risk of exploitation.
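As an added example, not part of this advisory or of Unit4's code, the input gate a service owner could place in front of an XML-consuming function like the one named above: any document carrying a DOCTYPE or ENTITY declaration is refused before it reaches a parser, which removes the mechanism XXE depends on. The request shape, element names and the SYSTEM identifier below are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Any DOCTYPE (internal or external DTD) is refused. Without a DTD there can be
# no entity declaration, so neither external entities nor entity expansion
# exist for the parser to act on. Assumes an ASCII-compatible encoding such as
# UTF-8; a marker inside a comment or CDATA also trips it, which fails closed.
_DTD_MARKER = re.compile(rb"<!DOCTYPE|<!ENTITY", re.IGNORECASE)


def dtd_present(xml_bytes: bytes) -> bool:
    """True if the document declares a DTD or an entity anywhere in its bytes."""
    return _DTD_MARKER.search(xml_bytes) is not None


def parse_untrusted_xml(xml_bytes: bytes) -> dict:
    """Parse caller-supplied XML into {tag: text}, rejecting any DTD first.

    Raises ValueError for documents that carry a DTD so the request can be
    logged and dropped instead of reaching a parser that may resolve entities.
    """
    if dtd_present(xml_bytes):
        raise ValueError("XML with DOCTYPE/ENTITY declarations is not accepted")
    root = ET.fromstring(xml_bytes)  # stdlib parser; DTD already excluded above
    return {child.tag: (child.text or "").strip() for child in root}


# Constructed sample inputs (not from the advisory). The first is the shape of
# a benign request; the second declares an external entity, which a hardened
# endpoint must refuse. The SYSTEM identifier is a placeholder, not a real path.
BENIGN_REQUEST = b"<process><name>nightly-report</name><mode>async</mode></process>"
DTD_REQUEST = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE process [<!ENTITY ext SYSTEM "file:///placeholder/not-real">]>'
    b"<process><name>&ext;</name></process>"
)


def demo() -> tuple:
    """Return (parsed benign result, whether the DTD-bearing request was refused)."""
    parsed = parse_untrusted_xml(BENIGN_REQUEST)
    try:
        parse_untrusted_xml(DTD_REQUEST)
        refused = False
    except ValueError:
        refused = True
    return parsed, refused


if __name__ == "__main__":
    print(demo())
```

A gate like this belongs at the boundary where the XML body enters the application, in addition to (not instead of) disabling DTD processing in the parser configuration itself.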
Affected Products
Unit4 Erp