Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.
This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.
Problem Types
| Type | CWE ID | Description |
|---|---|---|
| CWE | CWE-611 | CWE-611 Improper Restriction of XML External Entity Reference |
Metrics
| Version | Base score | Base severity | Vector |
|---|---|---|---|
| 4.0 | 8.8 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N |
| 4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N |
Impacts
| CAPEC ID | Description |
|---|---|
| CAPEC-201 | CAPEC-201 Serialized Data External Linking |