Lucene search

[email protected]CVE-2015-3623

HistorySep 16, 2015 - 6:59 p.m.

CVE-2015-3623

2015-09-1618:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2015-3623

xxe vulnerability

qliktech qlikview

ssrf attacks

accesspoint.aspx

nvd

6.4 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.044 Low

EPSS

Percentile

92.4%

JSON

XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx.

CPENameOperatorVersion
qlik:qlikviewqlik qlikviewle11.20

CPE	Name	Operator	Version
qlik:qlikview	qlik qlikview	le	11.20

References

packetstormsecurity.com/files/133499/Qlikview-11.20-SR4-Blind-XXE-Injection.html

www.securityfocus.com/archive/1/536411/100/0/threaded

www.exploit-db.com/exploits/38118/

6.4 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.044 Low

EPSS

Percentile

92.4%

JSON

Related for CVE-2015-3623

nessus1 kaspersky1 zdt1 prion1 packetstorm1 securityvulns2 exploitpack1 exploitdb1