CVE-2023-1288

An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server.
References
Link Resource
https://www.3ds.com/vulnerability/advisories Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:3ds:enovia_live_collaboration:*:*:*:*:*:*:*:*

History

21 Mar 2023, 16:44

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 7.5

20 Mar 2023, 14:15

Type Values Removed Values Added
Summary An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote File inclusions. An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server.

15 Mar 2023, 16:17

Type Values Removed Values Added
CWE CWE-611
CPE cpe:2.3:a:3ds:enovia_live_collaboration:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References (MISC) https://www.3ds.com/vulnerability/advisories - (MISC) https://www.3ds.com/vulnerability/advisories - Vendor Advisory

09 Mar 2023, 20:03

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-09 17:15

Updated : 2024-02-04 23:14


NVD link : CVE-2023-1288

Mitre link : CVE-2023-1288

CVE.ORG link : CVE-2023-1288


JSON object : View

Products Affected

3ds

  • enovia_live_collaboration
CWE
CWE-611

Improper Restriction of XML External Entity Reference