Description
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 10.0.0 (excluding)
cpe:2.3:a:lumis:lumis_experience_platform:*:*:*:*:*:*:*:*
EPSS
Percentile: 100%
0.91224
Critical
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Weaknesses
CWE-611
Related vulnerabilities
github
more than 3 years ago
LumisXP (aka Lumis Experience Platform) before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service.