CVE-2023-6280

EPSS 0.04%
Veröffentlicht 19.12.2023 15:15:09
Zuletzt bearbeitet 21.11.2024 08:43:31
Quelle cve-coordination@incibe.es
Teams Watchlist Login
Unerledigt Login

An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

52north ≫ Wps Version < 4.0.0

52north ≫ Wps Version4.0.0 Updatebeta1

52north ≫ Wps Version4.0.0 Updatebeta10

52north ≫ Wps Version4.0.0 Updatebeta2

52north ≫ Wps Version4.0.0 Updatebeta3

52north ≫ Wps Version4.0.0 Updatebeta4

52north ≫ Wps Version4.0.0 Updatebeta5

52north ≫ Wps Version4.0.0 Updatebeta6

52north ≫ Wps Version4.0.0 Updatebeta7

52north ≫ Wps Version4.0.0 Updatebeta8

52north ≫ Wps Version4.0.0 Updatebeta9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.081

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cve-coordination@incibe.es	7.2	3.9	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://www.incibe.es/en/incibe-cert/notices/aviso/xml-external-entity-reference-52north-wps

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-6280

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-6280

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-6280

EUVD