Lucene search
K

8 matches found

Positive Technologies
Positive Technologies
added 2025/06/15 12:0 a.m.4 views

PT-2025-30560 · Open Source Geospatial Foundation · Geotools

Уязвимость модудей gt-xsd-core и gt-wfs-ng библиотеки GeoTools связана с неверным ограничением XML-ссылок на внешние объекты. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, проводить XXE-атаки...

9CVSS7.3AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/12/27 12:0 a.m.7 views

The vulnerability of the programming software for PLCs (programmable logic controllers), namely the Saia PG5 Controls Suite, arises from incorrect restrictions on XML links to external objects. This allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the programming software for PLCs programmable logic controllers, Saia PG5 Controls Suite, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

5.5CVSS5.9AI score0.00784EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/06/26 12:0 a.m.9 views

The vulnerability of the “Add UCS Device” function in the OpManager network monitoring software, including OpManager MSP and OpManager Plus, allows a attacker to perform an SSRF attack.

The vulnerability of the “Add UCS Device” function in OpManager’s network monitoring software, including OpManager MSP and OpManager Plus, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack...

5.8CVSS5.8AI score0.19807EPSS
Exploits1References6Affected Software3
BDU FSTEC
BDU FSTEC
added 2021/07/13 12:0 a.m.6 views

The vulnerability of the ConnectWise Automate software for remote monitoring and management of IT assets stems from incorrect restrictions on XML links to external objects. This allows attackers to execute arbitrary code or gain unauthorized access to protected information.

The vulnerability of the software for remote monitoring and management of IT assets in ConnectWise Automate relates to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or gain unauthorized access to...

9.8CVSS8.3AI score0.01061EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/05/19 12:0 a.m.6 views

The vulnerability in the web interface of the BroadWorks Messaging Server allows a perpetrator to gain unauthorized access to protected information or cause service failures.

The vulnerability in the web interface of the BroadWorks Messaging Server is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information or cause service...

5.5CVSS7.1AI score0.01115EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/01/27 12:0 a.m.4 views

The vulnerability of the XML platform’s syntactic analyzer, which is designed to enhance the effectiveness of educational materials and documentation. SAP Enable Now allows unauthorized access to protected information.

The vulnerability of the XML syntax analyzer on the SAP Enable Now platform, which is designed to improve the effectiveness of educational materials and documentation, is related to errors in XML link restrictions. Exploiting this vulnerability could allow an attacker to gain unauthorized access ...

5.5CVSS5.9AI score0.00689EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2018/02/21 12:0 a.m.6 views

The vulnerability of the hidden content checking component in the SAP NetWeaver software integration platform allows a perpetrator to access confidential information or cause service failures.

The vulnerability of the hidden content checking component in the SAP NetWeaver software integration platform is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information or cause servic...

9.4CVSS5.5AI score
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/10/05 12:0 a.m.7 views

The vulnerability of the Single Sign-On implementation for management tools in VMware vCenter Server and VMware vRealize Automation arises from incorrect restrictions on XML links to external objects. This allows a malicious actor to trigger service failures or gain access to confidential information.

The vulnerability of Single Sign-On implementations for VMware vCenter Server and VMware vRealize Automation management tools is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to cause service failures or gain...

6.4CVSS7.7AI score0.02146EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder