CVE-2023-6280

An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:52north:wps:*:*:*:*:*:*:*:*
cpe:2.3:a:52north:wps:4.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:52north:wps:4.0.0:beta10:*:*:*:*:*:*
cpe:2.3:a:52north:wps:4.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:52north:wps:4.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:52north:wps:4.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:52north:wps:4.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:52north:wps:4.0.0:beta6:*:*:*:*:*:*
cpe:2.3:a:52north:wps:4.0.0:beta7:*:*:*:*:*:*
cpe:2.3:a:52north:wps:4.0.0:beta8:*:*:*:*:*:*
cpe:2.3:a:52north:wps:4.0.0:beta9:*:*:*:*:*:*

History

28 Dec 2023, 19:02

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () https://www.incibe.es/en/incibe-cert/notices/aviso/xml-external-entity-reference-52north-wps - () https://www.incibe.es/en/incibe-cert/notices/aviso/xml-external-entity-reference-52north-wps - Third Party Advisory
First Time 52north wps
52north
CPE cpe:2.3:a:52north:wps:4.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:52north:wps:4.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:52north:wps:4.0.0:beta9:*:*:*:*:*:*
cpe:2.3:a:52north:wps:4.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:52north:wps:4.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:52north:wps:4.0.0:beta10:*:*:*:*:*:*
cpe:2.3:a:52north:wps:4.0.0:beta7:*:*:*:*:*:*
cpe:2.3:a:52north:wps:4.0.0:beta6:*:*:*:*:*:*
cpe:2.3:a:52north:wps:*:*:*:*:*:*:*:*
cpe:2.3:a:52north:wps:4.0.0:beta8:*:*:*:*:*:*
cpe:2.3:a:52north:wps:4.0.0:beta2:*:*:*:*:*:*

19 Dec 2023, 16:17

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-19 15:15

Updated : 2024-08-02 09:15


NVD link : CVE-2023-6280

Mitre link : CVE-2023-6280

CVE.ORG link : CVE-2023-6280


JSON object : View

Products Affected

52north

  • wps
CWE
CWE-611

Improper Restriction of XML External Entity Reference