Описание
XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. Attackers can exploit this vulnerability to manipulate XML content and inject malicious external entity references.
Уязвимые конфигурации
Конфигурация 1Версия до 12.1.1 (исключая)
cpe:2.3:a:hcltech:unica:*:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.003
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-91
CWE-611
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. Attackers can exploit this vulnerability to manipulate XML content and inject malicious external entity references.
EPSS
Процентиль: 53%
0.003
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-91
CWE-611