Description

VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

Related CPE's

a

visam

vbase_web-remote

11.6.0.6

Vulnerable

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-308-01

MitigationThird Party AdvisoryUS Government Resource

Weaknesses

[email protected]

Primary
CWE-611

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-07-27T21:15:08.687

2 years ago

Last modified

2022-08-05T14:47:42.943

2 years ago