CVE-2023-6280 HIGH

CVE-2023-6280: XML External Entity Reference on 52North WPS

Vendor 52North
Product 52North WPS
Weakness CWE-611 · XXE
Published December 19, 2023
Last update August 2, 2024

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

What the vulnerability does

01Description

An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network.

Key dates

02Disclosure timeline

December 19, 2023 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE