5 matches found
Vulnerability fixed in Autodesk
Autodesk has fixed a vulnerability in DWG Trueview. A malicious party can exploit the vulnerability to cause a denial-of-service, execute arbitrary code with application privileges, or to gain access to sensitive data in the context of the application. Successful exploitation requires the malicio...
CVE-2023-40612
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLEFILESYSTEMEDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...
CVE-2023-40612 Authenticated XXE Injection Via The File Editor
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLEFILESYSTEMEDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...
CVE-2023-40612
Summary of CVE-2023-40612 : In OpenNMS Horizon, versions 31.0.8 and earlier than 32.0.2, the file editor is accessible to users with the ROLE_FILESYSTEM_EDITOR privilege and is vulnerable to XXE injection attacks. The root cause is an XXE processing vulnerability in the file editor component. The...
CVE-2023-40612 Authenticated XXE Injection Via The File Editor
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLEFILESYSTEMEDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...