exploitDog

CVE-2015-7743

Опубликовано: 23 янв. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file.

Ссылки

https://packetstormsecurity.com/files/137255/Paessler-PRTG-Network-Monitor-14.4.12.3282-XXE-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://www.paessler.com/prtg/history/stable#16.2.23.3077
VDB Entry
https://packetstormsecurity.com/files/137255/Paessler-PRTG-Network-Monitor-14.4.12.3282-XXE-Injection.html
Exploit
Third Party Advisory
VDB Entry
https://www.paessler.com/prtg/history/stable#16.2.23.3077
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*

Версия до 14.4.12.3282 (включая)

EPSS

Процентиль: 54%

0.00317

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-xq23-vw7c-wg89

CVSS3: 6.5

github

больше 3 лет назад

XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file.

EPSS

Процентиль: 54%

0.00317

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-611