Lucene search

Veracode Vulnerability DatabaseVERACODE:7059

HistoryJul 16, 2018 - 5:54 a.m.

Arbitrary XML Injection

2018-07-1605:54:15

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

swift is vulnerable to arbitrary XML injection attacks. The vulnerability exists due to the lack of user input sanitization of the account variable which is directly used in forming a XML to be parsed, allowing arbitrary XML injection attacks.

CPENameOperatorVersion
swifteq1.0.2

CPE	Name	Operator	Version
	swift	eq	1.0.2

References

lists.opensuse.org/opensuse-updates/2013-07/msg00021.html

rhn.redhat.com/errata/RHSA-2013-0993.html

www.debian.org/security/2012/dsa-2737

www.openwall.com/lists/oss-security/2013/06/13/4

bugs.launchpad.net/swift/+bug/1183884

bugzilla.redhat.com/attachment.cgi?id=760270

bugzilla.redhat.com/show_bug.cgi?id=972988

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:7059