Avaya Web License Manager XML Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Blind Out-Of-Band XML External Entity Injection Authenticated product: Avaya Web License Manager vulnerable version: 6.x, 7.0 through 7.1.3.6, 8.0 through 8.1.2.0.0 fixed...

CVE-2020-7032

creationtimestamp| type| source ---|---|--- 2020-11-13 07:32:59+00:00| seen| https://t.me/cibsecurity/16282 2024-11-19 17:42:25+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/2128...

CVE-2020-7032

CVE-2020-7032 describes an XML External Entity (XXE) vulnerability in Avaya WebLM admin interface. Authenticated users can exploit a crafted DTD in an XML request to read arbitrary files or perform server-side request forgery (SSRF). Affected versions are Avaya WebLM 7.0–7.1.3.6 and 8.0–8.1.2. Th...

CVE-2020-7032 Avaya WebLM Improper Restriction of XML External Entity Reference

An XML external entity XXE vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery SSRF attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2...