exploitDog

CVE-2021-44477

Опубликовано: 25 мар. 2022

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project/template file.

Ссылки

https://www.cisa.gov/uscert/ics/advisories/icsa-22-025-01
Mitigation
Third Party Advisory
US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-22-025-01
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ge:toolboxst:*:*:*:*:*:*:*:*

Версия до 07.09.07c (исключая)

EPSS

Процентиль: 50%

0.00266

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-611

CWE-611

Связанные уязвимости

GHSA-47r3-3h3h-gh9w

CVSS3: 7.5

github

почти 4 года назад

GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external entity (XXE) vulnerability using the DTD parameter entities technique that could result in disclosure and retrieval of arbitrary data on the affected node via an out-of-band (OOB) attack. The vulnerability is triggered when input passed to the XML parser is not sanitized while parsing the XML project/template file.

EPSS

Процентиль: 50%

0.00266

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-611

CWE-611