CVE-2020-7572

HIGH Year: 2020
CVSS v3 Score
8.8
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-611
View all →

Vulnerability Description

A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server side request forgery due to improper configuration of the XML parser.

Related Vulnerabilities

CVE-2010-3322

HIGH
CVSS:8.8(High)

The XML parser in Splunk 4.0.0 through 4.1.4 allows remote authenticated users to obtain sensitive information and gain privileges via an XML External Entity (XXE) attack to unknown vectors.

CWE-6112010

CVE-2014-0225

HIGH
CVSS:8.8(High)

When processing user provided XML documents, the Spring Framework 4.0.0 to 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not disable by default the resolution of URI references ...

CWE-6112014

CVE-2014-2296

HIGH
CVSS:8.8(High)

XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remo...

CWE-6112014

CVE-2016-5851

HIGH
CVSS:8.8(High)

python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document.

CWE-6112016

CVE-2016-8526

HIGH
CVSS:8.8(High)

Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If ...

CWE-6112016

CVE-2017-1000021

HIGH
CVSS:8.8(High)

LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents.

CWE-6112017