CVE-2023-2806

Name of the Vulnerable Software and Affected Versions Weaver e-cology versions up to 9.0

Description A problematic vulnerability was found in the RequestInfoByXml function of the API component, leading to xml external entity reference. This issue is related to incorrect restriction of XML links to external objects, which can allow a remote attacker to read, modify, or delete data using a specially crafted XML request.

Recommendations For Weaver e-cology versions up to 9.0, as a temporary workaround, consider disabling the RequestInfoByXml function of the API component until a patch is available. Restrict access to the API to minimize the risk of exploitation. Avoid using specially crafted XML requests in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.