PT-2023-16863 · Dsm · Enovia Live Collaboration

Shadi Habbal · Published 2023-03-09 · Updated 2023-03-21 · CVE-2023-1288

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: ENOVIA Live Collaboration version V6R2013xE

Description: An XML External Entity (XXE) injection vulnerability allows an attacker to read local files on the server, which can also lead to remote file inclusion.

Recommendations: For ENOVIA Live Collaboration version V6R2013xE, consider disabling XML External Entity processing to prevent XXE attacks until a patch is available. Restrict access to sensitive files on the server to minimize the risk of exploitation.

Fix

XXE

Weakness Enumeration

Related Identifiers: CVE-2023-1288

Affected Products: Enovia Live Collaboration