CVE-2013-3617

{"id": "CVE-2013-3617", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-11-02T19:55:04.523", "references": [{"url": "http://www.kb.cert.org/vuls/id/533894", "tags": ["Exploit", "US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/63431", "tags": ["Exploit"], "source": "cret@cert.org"}, {"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/533894", "tags": ["Exploit", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/63431", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue."}, {"lang": "es", "value": "La API XML en Openbravo ERP 2.5, 3.0 y anteriores permite a usuarios remotos autenticados leer archivos arbitrarios a trav\u00e9s de un documento XML con una declaraci\u00f3n de entidad externa en conjunci\u00f3n con una referencia de entidad en /ws/dal/ADUser u otra interfaz /ws/dal/XXX, esta relacionado con un problema XML External Entity (XXE)."}], "lastModified": "2024-11-21T01:53:59.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openbravo:openbravo_erp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "856429C7-7977-45DF-BA55-A319C87F22E3", "versionEndIncluding": "3.0"}, {"criteria": "cpe:2.3:a:openbravo:openbravo_erp:2.40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36E5C029-509F-4005-B428-AC35F16F8A91"}, {"criteria": "cpe:2.3:a:openbravo:openbravo_erp:2.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C864621-1CB9-4753-A184-3CD65FD01CFD"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}