Lucene search

OpenJS FoundationFRIENDSOFPHP:TYPO3:CMS-CORE:CVE-2020-26229

HistoryNov 17, 2020 - 8:51 a.m.

TYPO3-CORE-SA-2020-012: XML External Entity in Dashboard Widget

2020-11-1708:51:21

OpenJS Foundation

github.com

typo3

xml

external entity

dashboard widget

security advisory

2020

CVSS2

3.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:N/A:P

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

31.4%

JSON

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-012

Affected configurations

Vulners

Node

typo3cms_coreRange<10.4.10

VendorProductVersionCPE
typo3cms_core*cpe:2.3:a:typo3:cms_core:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typo3	cms_core	*	cpe:2.3:a:typo3:cms_core::::::::

CVSS2

3.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:N/A:P

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

31.4%

JSON

Related for FRIENDSOFPHP:TYPO3:CMS-CORE:CVE-2020-26229