CVE-2024-49535

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-611
View all →

Vulnerability Description

Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that allows an attacker to provide malicious XML input containing a reference to an external entity, potentially leading to unauthorized read access outside the Acrobat sandbox. Exploitation of this issue requires user interaction in that a victim must process a malicious XML document.

Related Vulnerabilities

CVE-2017-18438

MEDIUM
CVSS:6.3(Medium)

cPanel before 64.0.21 allows demo accounts to execute code via Encoding API calls (SEC-242).

CWE-6112017

CVE-2023-49234

MEDIUM
CVSS:6.3(Medium)

An XML external entity (XXE) vulnerability was found in Stilog Visual Planning 8. It allows an authenticated attacker to access local server files and exfiltrate data to an external server.

CWE-6112023

CVE-2024-2826

MEDIUM
CVSS:6.3(Medium)

A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads ...

CWE-6112024

CVE-2015-7968

MEDIUM
CVSS:6.4(Medium)

nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI.

CWE-6112015

CVE-2017-16349

MEDIUM
CVSS:6.4(Medium)

An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in infor...

CWE-6112017