Xxe

2014-12-1015:59:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.3%

JSON

XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitrary files and trigger requests to intranet servers via a crafted request.

CPENameOperatorVersion
web_accesseq12.2.0.14697
web_accesseq11.4.6.12377

CPE	Name	Operator	Version
	web_access	eq	12.2.0.14697
	web_access	eq	11.4.6.12377

References

seclists.org/fulldisclosure/2014/Oct/133

www.securityfocus.com/archive/1/533861/100/0/threaded

www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141031-0_Scalix_Web_Access_XXE_v10.txt