CVE-2023-43067 MEDIUM

CVE-2023-43067

Vendor Dell
Product Unity
Weakness CWE-611 · XXE
Published October 23, 2023
Last update September 17, 2024

CVSS base score

4.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system.

Key dates

02Disclosure timeline

October 23, 2023 CVE published
September 17, 2024 Record updated