Description

VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

Related CPE's

a

visam

vbase_web-remote

11.6.0.6

Vulnerable

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-308-01

MitigationThird Party AdvisoryUS Government Resource

https://www.cisa.gov/uscert/ics/advisories/icsa-21-308-01

MitigationThird Party AdvisoryUS Government Resource

Weaknesses

[email protected]

Primary
CWE-611

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-611

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N

5.9 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-07-27T19:15:08.687Z

3 years ago

Last modified

2025-04-17T14:15:23.990Z

1 year ago