
CVE-2023-6280 XML External Entity Reference on 52North WPS

2023-12-19 15:00:07
CWE-611
INCIBE
www.cve.org
xxe
vulnerability
52north wps
webprocessingservice
http requests
internal network

CVSS3: 7.2

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

EPSS: 0.001
Percentile: 37.2%

An XXE (XML External Entity) vulnerability has been detected in 52North WPS, affecting versions prior to 4.0.0-beta.11. The WebProcessingService servlet allows the use of external entities, which lets an attacker retrieve files by making HTTP requests to the internal network.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "52North WPS",
    "vendor": "52North",
    "versions": [
      {
        "lessThan": "4.0.0-beta.11",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
