PT-2023-7058 · Opencms · Opencms

Published: 2023-08-07 · Updated: 2026-05-10 · CVE-2023-42344

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Alkacon OpenCms versions prior to 10.5.1

Description: Remote unauthenticated attackers can obtain sensitive information or execute arbitrary code by sending a specially crafted POST request. The flaw is an improper restriction of XML references to external objects in the 'cmis-online/query' endpoint of the Chemistry servlet, which makes an XML External Entity (XXE) attack possible: the application resolves external entities declared inside the attacker-supplied XML document.

Recommendations: Update to version 10.5.1 or later.
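The weakness class behind this advisory is an XML parser that honours DOCTYPE and external entity declarations in untrusted input. The following is an added illustration, not code from OpenCms or Apache Chemistry, of how a Java (JAXP) parser is hardened against that class and how a hardened parser reacts to a request body carrying an entity declaration. The CMIS query element layout is taken from the CMIS 1.0 AtomPub binding; the two sample bodies are constructed here, and the entity target in the first one is a placeholder, not a real path.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class HardenedCmisXmlParser {

    // Constructed sample body: a CMIS query with a DOCTYPE that declares an
    // external entity. "file:///PLACEHOLDER" is a placeholder, not a real target.
    static final String SAMPLE_WITH_DOCTYPE =
          "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
        + "<!DOCTYPE cmis:query [<!ENTITY ext SYSTEM \"file:///PLACEHOLDER\">]>\n"
        + "<cmis:query xmlns:cmis=\"http://docs.oasis-open.org/ns/cmis/core/200908/\">\n"
        + "  <cmis:statement>SELECT cmis:name FROM cmis:document &ext;</cmis:statement>\n"
        + "</cmis:query>";

    // Constructed sample body: the same query shape without any DTD.
    static final String SAMPLE_CLEAN =
          "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
        + "<cmis:query xmlns:cmis=\"http://docs.oasis-open.org/ns/cmis/core/200908/\">\n"
        + "  <cmis:statement>SELECT cmis:name FROM cmis:document</cmis:statement>\n"
        + "</cmis:query>";

    // Builds a namespace-aware DOM parser that refuses DOCTYPE declarations and,
    // as defence in depth, disables external entity and external DTD loading.
    // A plain DocumentBuilderFactory.newInstance() without these settings is the
    // configuration that resolves external entities.
    static DocumentBuilder newHardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Any DOCTYPE in the input becomes a fatal parse error.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Belt and braces in case DOCTYPEs ever have to be allowed again.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Returns true when the body parsed, false when the parser rejected it.
    // With the hardened builder, a body containing a DOCTYPE is rejected before
    // any entity can be resolved.
    static boolean accepts(DocumentBuilder builder, String body) {
        try {
            Document doc = builder.parse(
                new ByteArrayInputStream(body.getBytes(StandardCharsets.UTF_8)));
            return doc.getDocumentElement() != null;
        } catch (SAXException | IOException e) {
            return false;
        }
    }

    public static void main(String[] args) throws ParserConfigurationException {
        DocumentBuilder builder = newHardenedBuilder();
        System.out.println("clean query body accepted:   " + accepts(builder, SAMPLE_CLEAN));
        System.out.println("DOCTYPE query body accepted: " + accepts(builder, SAMPLE_WITH_DOCTYPE));
    }
}
```

The same settings apply to SAXParserFactory and XMLInputFactory (for StAX, `XMLInputFactory.SUPPORT_DTD` set to false) wherever a servlet hands request bodies to a parser; the feature URIs above are the Xerces ones used by the JDK's built-in parser, and a different parser implementation may need its own equivalents. On the detection side, a DOCTYPE or ENTITY declaration in a POST body to a CMIS query endpoint is not something a legitimate client sends, so rejecting it at the parser, as above, also gives a clean log event to alert on.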

Exploit · Fix · XXE

Weakness Enumeration

Related Identifiers

BDU:2023-08080
CVE-2023-42344
GHSA-RCC6-6Q2F-M2CW

Affected Products

Opencms