How severe is CVE-2024-49704?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-49704?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2024-49704

MEDIUM Year: 2024

CVSS v3 Score

5.5

Medium

Weakness Type

CWE-611

View all →

Vulnerability Description

A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The Generic Data Mapper, the Engineering Adapter, and the Engineering Interface improperly handle XML External Entity (XXE) entries when parsing configuration and mapping files. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by persuading a user to use a maliciously crafted configuration or mapping file in one of the affected components.

CVE-2012-5656

MEDIUM

CVSS:5.5(Medium)

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

CWE-6112012

CVE-2016-5000

MEDIUM

CVSS:5.5(Medium)

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity re...

CWE-6112016

CVE-2016-5748

MEDIUM

CVSS:5.5(Medium)

External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local fi...

CWE-6112016

CVE-2016-5749

MEDIUM

CVSS:5.5(Medium)

NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests with external entity resolution enabled, which could lead to local file disclosure via an XML Externa...

CWE-6112016

CVE-2016-9318

MEDIUM

CVSS:5.5(Medium)

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, w...

CWE-6112016

CVE-2017-15280

MEDIUM

CVSS:5.5(Medium)

XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF)...

CWE-6112017

CVE-2024-49704

Vulnerability Description

Related Vulnerabilities

CVE-2012-5656

CVE-2016-5000

CVE-2016-5748

CVE-2016-5749

CVE-2016-9318

CVE-2017-15280