CVE-2023-6280

Name of the Vulnerable Software and Affected Versions 52North WPS versions prior to 4.0.0-beta.11

Description An XXE (XML External Entity) vulnerability has been detected, allowing the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network.

Recommendations For versions prior to 4.0.0-beta.11, update to version 4.0.0-beta.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the WebProcessingService servlet until a patch is applied.