Описание
IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Ссылки
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ibm:filenet_workplace:4.0.2:*:*:*:*:*:*:*
EPSS
Процентиль: 67%
0.00548
Низкий
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-611
Связанные уязвимости
CVSS3: 8.1
github
больше 3 лет назад
IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
EPSS
Процентиль: 67%
0.00548
Низкий
8.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-611