An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network.
References
| Link | Resource |
|---|---|
| https://www.incibe.es/en/incibe-cert/notices/aviso/xml-external-entity-reference-52north-wps | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
28 Dec 2023, 19:02
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:52north:wps:4.0.0:beta9:*:*:*:*:*:* cpe:2.3:a:52north:wps:4.0.0:beta1:*:*:*:*:*:* cpe:2.3:a:52north:wps:4.0.0:beta4:*:*:*:*:*:* cpe:2.3:a:52north:wps:4.0.0:beta3:*:*:*:*:*:* cpe:2.3:a:52north:wps:4.0.0:beta8:*:*:*:*:*:* cpe:2.3:a:52north:wps:4.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:52north:wps:4.0.0:beta5:*:*:*:*:*:* cpe:2.3:a:52north:wps:*:*:*:*:*:*:*:* cpe:2.3:a:52north:wps:4.0.0:beta7:*:*:*:*:*:* cpe:2.3:a:52north:wps:4.0.0:beta10:*:*:*:*:*:* cpe:2.3:a:52north:wps:4.0.0:beta6:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| References | () https://www.incibe.es/en/incibe-cert/notices/aviso/xml-external-entity-reference-52north-wps - Third Party Advisory |
19 Dec 2023, 16:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-12-19 15:15
Updated : 2024-08-02 09:15
NVD link : CVE-2023-6280
Mitre link : CVE-2023-6280
CVE.ORG link : CVE-2023-6280
JSON object : View
Products Affected
52north
- wps
CWE
CWE-611
Improper Restriction of XML External Entity Reference