Описание
In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution. This allows context-dependent attackers to read arbitrary files or cause a denial of service, a similar issue to CVE-2013-4152.
Ссылки
- Product
- Vendor Advisory
- Product
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 4.0.0 (включая) до 4.7.5 (исключая)
cpe:2.3:a:ws-inc:j_wbem:*:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.00211
Низкий
9.1 Critical
CVSS3
Дефекты
CWE-611
Связанные уязвимости
CVSS3: 9.1
github
больше 2 лет назад
In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution. This allows context-dependent attackers to read arbitrary files or cause a denial of service, a similar issue to CVE-2013-4152.
EPSS
Процентиль: 43%
0.00211
Низкий
9.1 Critical
CVSS3
Дефекты
CWE-611