CVE-2024-6893

The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources.
References
Link Resource
https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:journyx:journyx:11.5.4:*:*:*:*:linux:*:*

History

08 Aug 2024, 20:53

Type Values Removed Values Added
First Time Journyx journyx
Journyx
References () https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt - () https://korelogic.com/Resources/Advisories/KL-001-2024-010.txt - Exploit, Third Party Advisory
CPE cpe:2.3:a:journyx:journyx:11.5.4:*:*:*:*:linux:*:*

08 Aug 2024, 14:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

08 Aug 2024, 13:04

Type Values Removed Values Added
Summary
  • (es) El controlador API "soap_cgi.pyc" permite que el cuerpo XML de las solicitudes SOAP contenga referencias a entidades externas. Esto permite que un atacante no autenticado lea archivos locales, falsifique solicitudes del lado del servidor y abrume los recursos del servidor web.

08 Aug 2024, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-08 00:15

Updated : 2024-08-08 20:53


NVD link : CVE-2024-6893

Mitre link : CVE-2024-6893

CVE.ORG link : CVE-2024-6893


JSON object : View

Products Affected

journyx

  • journyx
CWE
CWE-611

Improper Restriction of XML External Entity Reference