Lucene search
Bbf0bd87-ece2-41be-b873-96928ee8fab9NVD:CVE-2024-6893HistoryAug 08, 2024 - 12:15 a.m.
CVE-2024-6893
2024-08-0800:15:40
CWE-611
bbf0bd87-ece2-41be-b873-96928ee8fab9
web.nvd.nist.gov
4
api handler
xml body
ssrf
file read
unauthenticated attacker
web server resources
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.941
Percentile
99.2%
The “soap_cgi.pyc” API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources.
Affected configurations
Node
journyxjournyxMatch11.5.4linux
Related
vulnrichment
vulnrichment
CVE-2024-6893 Journyx Unauthenticated XML External Entities Injection
2024-08-07 23:22:08
githubexploit
githubexploit
Exploit for Improper Restriction of XML External Entity Reference in Journyx
2024-08-17 22:47:45
zdt
zdt
Journyx 11.5.4 XML Injection Vulnerability
2024-08-08 00:00:00
korelogic
korelogic
Journyx Unauthenticated XML External Entities Injection
2024-08-07 00:00:00
cvelist
cvelist
CVE-2024-6893 Journyx Unauthenticated XML External Entities Injection
2024-08-07 23:22:08
cve
cve
CVE-2024-6893
2024-08-08 00:15:40
packetstorm
packetstorm
Journyx 11.5.4 XML Injection
2024-08-08 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.941
Percentile
99.2%
Related for NVD:CVE-2024-6893