bw-calendar-engine-impl is vulnerable to XML external entity injection (XXE). The vulnerability exists since the IscheduleClient
XML parser does not restrict external DTDs which would allow an attacker to perform XXE attacks via a crafted XML document.
CPE | Name | Operator | Version |
---|---|---|---|
bedework: calendar engine - api implementation | le | 3.13.2 |