Описание
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:emc:documentum_xcp:2.1:*:*:*:*:*:*:*
cpe:2.3:a:emc:documentum_xcp:2.2:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00483
Низкий
5.4 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to read arbitrary files via a POST request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
EPSS
Процентиль: 65%
0.00483
Низкий
5.4 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
NVD-CWE-Other