Description


VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

Related CPE's


References


https://www.cisa.gov/uscert/ics/advisories/icsa-21-308-01

MitigationThird Party AdvisoryUS Government Resource

Weaknesses



CWE-611

CVSS impact metrics


CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-07-27T21:15:08.687

2 years ago

Last modified

2022-08-05T14:47:42.943

2 years ago