5
CVE-2015-0923
- EPSS 22.03%
- Veröffentlicht 14.02.2015 03:01:17
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
LoginThe ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ektron ≫ Ektron Content Management System Version8.5.0
Ektron ≫ Ektron Content Management System Version8.7.0
Ektron ≫ Ektron Content Management System Version8.7.0 Updatesp1
Ektron ≫ Ektron Content Management System Version8.9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 22.03% | 0.974 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
http://www.kb.cert.org/vuls/id/377644