CVE-2017-6323

EPSS 0.2%
Published 16.04.2018 19:29:00
Last modified 21.11.2024 03:29:33
Source secure@symantec.com
Teams watchlist Login
Open Login

The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Symantec ≫ Management Console Version < 8.1

Symantec ≫ Management Console Version7.6 Updatehf7

Symantec ≫ Management Console Version8.0 Updatehf6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.2%	0.394

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8	2.1	5.9	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5.2	5.1	6.4	AV:A/AC:L/Au:S/C:P/I:P/A:P

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

http://www.securityfocus.com/bid/98621

Third Party Advisory

VDB Entry

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170628_00

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-6323

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-6323

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-6323

EUVD