Description
VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
References
https://www.cisa.gov/uscert/ics/advisories/icsa-21-308-01
MitigationThird Party AdvisoryUS Government Resource
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 · High
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2022-07-27T21:15:08.687
2 years agoLast modified
2022-08-05T14:47:42.943
2 years ago