PT-2025-30413 · Etq · Etq Reliance
Published 2025-07-22 · Updated 2025-07-22 · CVE-2025-34142
CVSS v4.0: 6.9 Medium
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
ETQ Reliance versions prior to SE.2025.1
ETQ Reliance version 2025.1.2
Description
An XML External Entity (XXE) injection vulnerability exists within the /resources/sessions/sso endpoint. The SAML authentication handler processes XML input without disabling external entity resolution, potentially allowing attackers to retrieve sensitive files or perform server-side request forgery (SSRF).
Recommendations
Update to version SE.2025.1 or later.
Update to version 2025.1.2.
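For teams reviewing their own SAML consumers for the same weakness, the following added example shows one way to parse an untrusted SAML message so that any DOCTYPE or entity declaration aborts parsing before resolution can happen. It is not ETQ's code or patch; the function names and the sample messages are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """The message contains a DTD, which SAML messages never require."""


def parse_untrusted_saml(xml_bytes: bytes) -> ET.Element:
    """Parse SAML XML, aborting at the first DOCTYPE or entity declaration."""
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()

    def reject(*_args):
        raise ForbiddenXML("DOCTYPE/entity declarations are not allowed")

    # Abort before any entity can be defined, expanded or fetched.
    parser.StartDoctypeDeclHandler = reject
    parser.EntityDeclHandler = reject
    parser.ExternalEntityRefHandler = reject

    # Build a normal element tree from the remaining, DTD-free content.
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(xml_bytes, True)
    return builder.close()


def parse_saml_response_param(b64_value: str) -> ET.Element:
    """Decode a base64 SAMLResponse form value (HTTP POST binding), then parse."""
    return parse_untrusted_saml(base64.b64decode(b64_value, validate=True))


def is_rejected(xml_bytes: bytes) -> bool:
    """True when the hardened parser refuses the message."""
    try:
        parse_untrusted_saml(xml_bytes)
    except ForbiddenXML:
        return True
    return False


# Constructed sample inputs (not taken from the advisory).
NS = b'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
BENIGN = b'<samlp:Response ' + NS + b' ID="_constructed1"/>'
WITH_DTD = (b'<!DOCTYPE r [<!ENTITY ext SYSTEM "http://example.invalid/placeholder">]>'
            b'<samlp:Response ' + NS + b'>&ext;</samlp:Response>')
```

Element tags are returned as raw qualified names (for example `samlp:Response`) because namespace processing is left off to keep the example short.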
Fix
XXE
Affected Products
Etq Reliance