CVE-2023-41365

MEDIUM Year: 2023
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-611
View all →

Vulnerability Description

SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no impact to the integrity and availability.

Related Vulnerabilities

CVE-2015-3160

MEDIUM
CVSS:4.3(Medium)

XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing en...

CWE-6112015

CVE-2016-0268

MEDIUM
CVSS:4.3(Medium)

XML external entity (XXE) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check ...

CWE-6112016

CVE-2017-10889

MEDIUM
CVSS:4.3(Medium)

TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.

CWE-6112017

CVE-2017-3839

MEDIUM
CVSS:4.3(Medium)

An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the ...

CWE-6112017

CVE-2018-6225

MEDIUM
CVSS:4.3(Medium)

An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script.

CWE-6112018

CVE-2020-26247

MEDIUM
CVSS:4.3(Medium)

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokog...

CWE-6112020