Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiKpcZDI-22-508
HistoryMar 11, 2022 - 12:00 a.m.

Cisco Nexus Dashboard Fabric Controller XML External Entity Processing Information Disclosure Vulnerability

2022-03-1100:00:00
kpc
www.zerodayinitiative.com
15

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.2%

JSON

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cisco Nexus Dashboard Fabric Controller. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the AMF protocol. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the fmserver user.

Related

nessus 4
threatpost 3
adobe 1
zdt 1
cve 1
securityvulns 2
myhack58 2
prion 1
vmware 2
cert 2
seebug 1
nessus
nessus
Adobe ColdFusion BlazeDS XXE (APSB15-21) (credentialed check)
2015-09-03 00:00:00
HP Operations Manager i Apache Flex BlazeDS External Entity Injection Vulnerability
2016-03-09 00:00:00
VMware vCenter Multiple Vulnerabilities (VMSA-2015-0008)
2015-12-22 00:00:00
threatpost
threatpost
Adobe LiveCycle Data Services Hotfix
2015-08-18 12:46:31
VMware Patches Pesky XXE Bug in Flex BlazeDS
2015-11-20 16:36:23
Adobe ColdFusion Hotfix
2015-08-27 14:08:42
adobe
adobe
APSB15-20 Security update available for LiveCycle Data Services
2015-08-18 00:00:00
zdt
zdt
Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability
2015-08-20 00:00:00
cve
cve
CVE-2015-3269
2015-08-25 01:59:00
securityvulns
securityvulns
CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability
2015-08-24 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2015-08-24 00:00:00
myhack58
myhack58
Java AMF3 deserialization vulnerability analysis-vulnerability warning-the black bar safety net
2017-04-07 00:00:00
Java AMF3 exposure remote code execution vulnerability-vulnerability warning-the black bar safety net
2017-04-07 00:00:00
prion
prion
Xxe
2015-08-25 01:59:00
vmware
vmware
VMware product updates address information disclosure issue.
2015-11-18 00:00:00
VMware product updates address information disclosure issue.
2015-11-18 00:00:00
cert
cert
Granite Data Services AMF framework fails to properly parse XML input containing a reference to external entities
2016-03-24 00:00:00
Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references
2017-04-04 00:00:00
seebug
seebug
AMF3 Java implementations Improper Restriction of XML External Entity Reference ('XXE')
2017-04-06 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.2%

JSON
Related for ZDI-22-508
nessus4threatpost3adobe1zdt1cve1securityvulns2myhack582prion1vmware2cert2seebug1