exploitDog

CVE-2020-14204

Опубликовано: 22 июн. 2020

Источник: nvd

CVSS3: 8.2

CVSS2: 5.8

EPSS Низкий

Описание

In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes to the application repository configuration.

Ссылки

https://www.hooperlabs.xyz/disclosures/webfocus.php
Technical Description
Third Party Advisory
https://www.hooperlabs.xyz/disclosures/webfocus.php
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ibi:webfocus_business_intelligence:8.0:sp6:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00491

Низкий

8.2 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-2r5q-g9p8-3977

github

больше 3 лет назад

In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes to the application repository configuration.

EPSS

Процентиль: 65%

0.00491

Низкий

8.2 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-611