CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation.
8.8CVSS
8.5AI Score
0.001EPSS
CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure.
4.7CVSS
4.7AI Score
0.001EPSS