How severe is CVE-2023-51605?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2023-51605?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2023-51605

MEDIUM Year: 2023

CVSS v3 Score

5.5

Medium

Weakness Type

CWE-611

View all →

Vulnerability Description

Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. . Was ZDI-CAN-18644.

CVE-2012-5656

MEDIUM

CVSS:5.5(Medium)

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

CWE-6112012

CVE-2016-5000

MEDIUM

CVSS:5.5(Medium)

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity re...

CWE-6112016

CVE-2016-5748

MEDIUM

CVSS:5.5(Medium)

External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local fi...

CWE-6112016

CVE-2016-5749

MEDIUM

CVSS:5.5(Medium)

NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML Externa...

CWE-6112016

CVE-2016-9318

MEDIUM

CVSS:5.5(Medium)

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, w...

CWE-6112016

CVE-2017-15280

MEDIUM

CVSS:5.5(Medium)

XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF)...

CWE-6112017

CVE-2023-51605

Vulnerability Description

Related Vulnerabilities

CVE-2012-5656

CVE-2016-5000

CVE-2016-5748

CVE-2016-5749

CVE-2016-9318

CVE-2017-15280