CVE-2023-6280

EPSS 0.04%
Published 19.12.2023 15:15:09
Last modified 21.11.2024 08:43:31
Source cve-coordination@incibe.es
Teams watchlist Login
Open Login

An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

52north ≫ Wps Version < 4.0.0

52north ≫ Wps Version4.0.0 Updatebeta1

52north ≫ Wps Version4.0.0 Updatebeta10

52north ≫ Wps Version4.0.0 Updatebeta2

52north ≫ Wps Version4.0.0 Updatebeta3

52north ≫ Wps Version4.0.0 Updatebeta4

52north ≫ Wps Version4.0.0 Updatebeta5

52north ≫ Wps Version4.0.0 Updatebeta6

52north ≫ Wps Version4.0.0 Updatebeta7

52north ≫ Wps Version4.0.0 Updatebeta8

52north ≫ Wps Version4.0.0 Updatebeta9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.081

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cve-coordination@incibe.es	7.2	3.9	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://www.incibe.es/en/incibe-cert/notices/aviso/xml-external-entity-reference-52north-wps

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-6280

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-6280

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-6280

EUVD