114 matches found
CVE-2022-2458
XML external entity injection (XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML...
PT-2022-16733 · Red Hat +1 · Kie-Server Apis +1
Name of the Vulnerable Software and Affected Versions: Business Central (affected versions not specified); Kie-Server APIs (affected versions not specified). Description: The issue allows an attacker to interfere with an application's processing of XML data through XML external entity injection (XXE). Th...
CVE-2022-2458
An XML external entity injection (XXE) vulnerability was found in Business Central. This flaw allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. T...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to External Service Interaction (CVE-2021-39016)
Summary In IBM Engineering Lifecycle Optimization - Publishing, it is possible to induce the application to perform server-side HTTP and HTTPS requests to arbitrary domains. CVE-2021-39016. Vulnerability Details CVEID: CVE-2021-39016 DESCRIPTION: IBM Engineering Lifecycle Optimization - Publishin...
PT-2022-6311 · Ibm · Ibm Api Connect
Name of the Vulnerable Software and Affected Versions: IBM API Connect versions 10.0.0.0 through 10.0.5.0 IBM API Connect versions 10.0.1.0 through 10.0.1.7 IBM API Connect versions 2018.4.1.0 through 2018.4.1.20 Description: The issue is caused by improper validation of user-supplied input,...
CVE-2022-22433
IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to an External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrar...
Input validation
IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to an External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrar...
CVE-2022-22433
IBM Robotic Process Automation (RPA) versions 21.0.1 and 21.0.2 are affected by an External Service Interaction vulnerability caused by improper validation of user-supplied input. A remote attacker could induce the RPA server to perform server-side DNS lookups or HTTP requests to arbitrary domain...
Security Bulletin: IBM Robotic Process Automation is vulnerable to an issue where an API could be used to perform a DNS lookup via a third party provider.
Summary IBM Robotic Process Automation is vulnerable to an issue where an API could be used to perform a DNS lookup via a third party provider. Vulnerability Details CVEID: CVE-2022-22433 DESCRIPTION: IBM Robotic Process Automation is vulnerable to an External Service Interaction attack, caused by...
Thinfinity VirtualUI 2.5.26.2 - Information Disclosure
Exploit Title: Thinfinity VirtualUI 2.5.26.2 - Information Disclosure Date: 18/01/2022 Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version vulnerable: Thinfinity VirtualUI ?...
Thinfinity VirtualUI 2.5.26.2 - Information Disclosure Vulnerability
Exploit Title: Thinfinity VirtualUI 2.5.26.2 - Information Disclosure Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version vulnerable: Thinfinity VirtualUI ? cmd=connect&wscompression=true&destAddr=domain.com...
Thinfinity VirtualUI 2.5.26.2 Information Disclosure
Exploit Title: Thinfinity VirtualUI 2.5.26.2 - Information Disclosure Date: 18/01/2022 Exploit Author: Daniel Morales Vendor: https://www.cybelesoft.com Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ Version vulnerable: Thinfinity VirtualUI ?...
U.S. Dept Of Defense: XML Injection / External Service Interaction (HTTP/DNS) On https://█████████.mil
Greetings, I found on one of your sites an XML Injection + External service Interaction DNS/HTTP Link of the vulnerable file : https://█████.mil/██████████ Payload XML Injection : fkp please change the link of burp collaborator and + URL encode the payload How to reproduce █████ I cut the video...
U.S. Dept Of Defense: External Service Interaction (HTTP/DNS) on https://www.███ (██████████ parameter)
Greetings, I've found an External service interaction HTTP/DNS on https://www.███████ External service interaction arises when it is possible to induce an application to interact with an arbitrary external service, such as a web or mail server. The ability to trigger arbitrary external service...
Input validation
SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impacts SonicOS version 6.5.4.4-44n and earlier...
CVE-2020-5130
CVE-2020-5130 affects SonicOS SSLVPN where an LDAP login request is not properly validated, allowing remote attackers to trigger external service interaction (DNS). The issue impacts SonicOS versions 6.5.4.4-44n and earlier. The primary documented cause is improper validation of the request, with...
SonicOS SSLVPN External Service Interaction (DNS) Vulnerability
SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impacts SonicOS version 6.5.4.4-44n and earlier. CVE: CVE-2020-5130 Last updated: July 16, 2020, 9:26 a.m...