Common Weakness Enumeration

CWE-611

Allowed

Improper Restriction of XML External Entity Reference

Abstraction: Base · Status: Draft

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

1694 vulnerabilities reference this CWE, most recent first.

CVE-2024-2374 (GCVE-0-2024-2374)

Vulnerability from cvelistv5 – Published: 2026-04-16 08:12 – Updated: 2026-04-16 12:30
VLAI
Title
XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service
Summary
The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of external resources. By leveraging this vulnerability, an attacker can read confidential files from the file system and access limited HTTP resources reachable by the product. Additionally, the vulnerability can be exploited to perform denial of service attacks by exhausting server resources through recursive entity expansion or fetching large external resources.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Assigner
References
Impacted products
Vendor Product Version
WSO2 WSO2 API Manager Unknown: 0 , < 3.1.0 (custom)
Affected: 3.1.0 , < 3.1.0.278 (custom)
Affected: 3.2.0 , < 3.2.0.368 (custom)
Affected: 4.0.0 , < 4.0.0.280 (custom)
Affected: 4.1.0 , < 4.1.0.206 (custom)
Affected: 4.2.0 , < 4.2.0.144 (custom)
Affected: 4.3.0 , < 4.3.0.57 (custom)
Create a notification for this product.
WSO2 WSO2 Identity Server Unknown: 0 , < 5.10.0 (custom)
Affected: 5.10.0 , < 5.10.0.300 (custom)
Affected: 5.11.0 , < 5.11.0.329 (custom)
Affected: 6.0.0 , < 6.0.0.179 (custom)
Affected: 6.1.0 , < 6.1.0.136 (custom)
Create a notification for this product.
WSO2 WSO2 Open Banking AM Unknown: 0 , < 2.0.0 (custom)
Affected: 2.0.0 , < 2.0.0.328 (custom)
Create a notification for this product.
WSO2 WSO2 Open Banking IAM Unknown: 0 , < 2.0.0 (custom)
Affected: 2.0.0 , < 2.0.0.348 (custom)
Create a notification for this product.
WSO2 WSO2 Identity Server as Key Manager Unknown: 0 , < 5.10.0 (custom)
Affected: 5.10.0 , < 5.10.0.296 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2374",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-16T12:29:10.744728Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-16T12:30:49.250Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WSO2 API Manager",
          "vendor": "WSO2",
          "versions": [
            {
              "lessThan": "3.1.0",
              "status": "unknown",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.1.0.278",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.2.0.368",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.0.0.280",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.1.0.206",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.2.0.144",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.3.0.57",
              "status": "affected",
              "version": "4.3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WSO2 Identity Server",
          "vendor": "WSO2",
          "versions": [
            {
              "lessThan": "5.10.0",
              "status": "unknown",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.10.0.300",
              "status": "affected",
              "version": "5.10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.11.0.329",
              "status": "affected",
              "version": "5.11.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.0.179",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.1.0.136",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WSO2 Open Banking AM",
          "vendor": "WSO2",
          "versions": [
            {
              "lessThan": "2.0.0",
              "status": "unknown",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "2.0.0.328",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WSO2 Open Banking IAM",
          "vendor": "WSO2",
          "versions": [
            {
              "lessThan": "2.0.0",
              "status": "unknown",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "2.0.0.348",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WSO2 Identity Server as Key Manager",
          "vendor": "WSO2",
          "versions": [
            {
              "lessThan": "5.10.0",
              "status": "unknown",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.10.0.296",
              "status": "affected",
              "version": "5.10.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "3.1.0.278",
                  "versionStartIncluding": "3.1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "3.2.0.368",
                  "versionStartIncluding": "3.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.0.0.280",
                  "versionStartIncluding": "4.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.1.0.206",
                  "versionStartIncluding": "4.1.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.2.0.144",
                  "versionStartIncluding": "4.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:wso2:wso2_api_manager:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.3.0.57",
                  "versionStartIncluding": "4.3.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.0.300",
                  "versionStartIncluding": "5.10.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.11.0.329",
                  "versionStartIncluding": "5.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.0.179",
                  "versionStartIncluding": "6.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:wso2:wso2_identity_server:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.0.136",
                  "versionStartIncluding": "6.1.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:wso2:wso2_open_banking_am:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.0.0.328",
                  "versionStartIncluding": "2.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:wso2:wso2_open_banking_iam:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.0.0.348",
                  "versionStartIncluding": "2.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            },
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:wso2:wso2_identity_server_as_key_manager:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.0.296",
                  "versionStartIncluding": "5.10.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser\u0027s behavior, leading to the inclusion of external resources.\n\nBy leveraging this vulnerability, an attacker can read confidential files from the file system and access limited HTTP resources reachable by the product. Additionally, the vulnerability can be exploited to perform denial of service attacks by exhausting server resources through recursive entity expansion or fetching large external resources."
            }
          ],
          "value": "The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser\u0027s behavior, leading to the inclusion of external resources.\n\nBy leveraging this vulnerability, an attacker can read confidential files from the file system and access limited HTTP resources reachable by the product. Additionally, the vulnerability can be exploited to perform denial of service attacks by exhausting server resources through recursive entity expansion or fetching large external resources."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-113",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-113 CAPEC-113: XML External Entity Expansion"
            }
          ]
        },
        {
          "capecId": "CAPEC-602",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-602 CAPEC-602: XML Entity Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-16T08:12:58.247Z",
        "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "shortName": "WSO2"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3255/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3255/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3255/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
            }
          ],
          "value": "Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3255/#solution"
        }
      ],
      "source": {
        "advisory": "WSO2-2024-3255",
        "discovery": "INTERNAL"
      },
      "title": "XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
    "assignerShortName": "WSO2",
    "cveId": "CVE-2024-2374",
    "datePublished": "2026-04-16T08:12:58.247Z",
    "dateReserved": "2024-03-11T13:41:10.687Z",
    "dateUpdated": "2026-04-16T12:30:49.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-1167 (GCVE-0-2024-1167)

Vulnerability from cvelistv5 – Published: 2024-02-01 18:01 – Updated: 2025-05-15 19:51
VLAI
Title
SEW-EURODRIVE MOVITOOLS MotionStudio Improper Restriction of XML External Entity Reference
Summary
When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
Impacted products
Credits
Esjay working with Trend Micro Zero Day Initiative reported this vulnerability to CISA.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:33:24.882Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-016-01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.seweurodrive.com/contact_us/contact_us.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1167",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T15:50:16.014843Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T19:51:29.890Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MOVITOOLS MotionStudio",
          "vendor": "SEW-EURODRIVE",
          "versions": [
            {
              "status": "affected",
              "version": "6.5.0.2"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Esjay working with Trend Micro Zero Day Initiative reported this vulnerability to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nWhen SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information unrestricted file access can occur.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-01T18:01:24.776Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-016-01"
        },
        {
          "url": "https://www.seweurodrive.com/contact_us/contact_us.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "SEW-EURODRIVE MOVITOOLS MotionStudio Improper Restriction of XML External Entity Reference",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSEW-EURODRIVE has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of affected versions of MOVITOOLS MotionStudio are invited to contact \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.seweurodrive.com/contact_us/contact_us.html\"\u003eSEW-EURODRIVE\u003c/a\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;for additional information.\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nSEW-EURODRIVE has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of affected versions of MOVITOOLS MotionStudio are invited to contact  SEW-EURODRIVE https://www.seweurodrive.com/contact_us/contact_us.html \u00a0for additional information.\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2024-1167",
    "datePublished": "2024-02-01T18:01:24.776Z",
    "dateReserved": "2024-02-01T17:50:04.071Z",
    "dateUpdated": "2025-05-15T19:51:29.890Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-51605 (GCVE-0-2023-51605)

Vulnerability from cvelistv5 – Published: 2024-05-03 02:15 – Updated: 2024-09-18 18:30
VLAI
Title
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Summary
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. . Was ZDI-CAN-18644.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Assigner
zdi
References
Impacted products
Vendor Product Version
Honeywell Saia PG5 Controls Suite Affected: PG5 v2.3.193
Create a notification for this product.
honeywell saia_pg5_controls_suite Affected: *
    cpe:2.3:a:honeywell:saia_pg5_controls_suite:-:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2023-12-20 22:49
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:honeywell:saia_pg5_controls_suite:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "saia_pg5_controls_suite",
            "vendor": "honeywell",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-51605",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-03T18:36:03.220078Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:20:39.707Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:40:33.664Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-23-1854",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1854/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Saia PG5 Controls Suite",
          "vendor": "Honeywell",
          "versions": [
            {
              "status": "affected",
              "version": "PG5 v2.3.193"
            }
          ]
        }
      ],
      "dateAssigned": "2023-12-20T22:02:27.276Z",
      "datePublic": "2023-12-20T22:49:48.039Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process.\n. Was ZDI-CAN-18644."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T18:30:48.470Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-23-1854",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1854/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2023-51605",
    "datePublished": "2024-05-03T02:15:31.381Z",
    "dateReserved": "2023-12-20T21:52:34.956Z",
    "dateUpdated": "2024-09-18T18:30:48.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-51604 (GCVE-0-2023-51604)

Vulnerability from cvelistv5 – Published: 2024-05-03 02:15 – Updated: 2024-09-18 18:30
VLAI
Title
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Summary
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. . Was ZDI-CAN-18593.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Assigner
zdi
References
Impacted products
Date Public
2023-12-20 22:49
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-51604",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-01T14:34:56.786244Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:56.741Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:40:34.051Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-23-1853",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1853/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Saia PG5 Controls Suite",
          "vendor": "Honeywell",
          "versions": [
            {
              "status": "affected",
              "version": "PG5 v2.3.193"
            }
          ]
        }
      ],
      "dateAssigned": "2023-12-20T22:02:27.270Z",
      "datePublic": "2023-12-20T22:49:44.908Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process.\n. Was ZDI-CAN-18593."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T18:30:47.737Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-23-1853",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1853/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2023-51604",
    "datePublished": "2024-05-03T02:15:30.665Z",
    "dateReserved": "2023-12-20T21:52:34.956Z",
    "dateUpdated": "2024-09-18T18:30:47.737Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-51602 (GCVE-0-2023-51602)

Vulnerability from cvelistv5 – Published: 2024-05-03 02:15 – Updated: 2024-09-18 18:30
VLAI
Title
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Summary
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. . Was ZDI-CAN-18591.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Assigner
zdi
References
Impacted products
Vendor Product Version
Honeywell Saia PG5 Controls Suite Affected: PG5 v2.3.193
Create a notification for this product.
honeywell saia_pg5_controls_suite Affected: *
    cpe:2.3:a:honeywell:saia_pg5_controls_suite:-:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2023-12-20 22:49
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:honeywell:saia_pg5_controls_suite:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "saia_pg5_controls_suite",
            "vendor": "honeywell",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-51602",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-03T18:38:50.340421Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:21:01.406Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:40:33.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-23-1851",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1851/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Saia PG5 Controls Suite",
          "vendor": "Honeywell",
          "versions": [
            {
              "status": "affected",
              "version": "PG5 v2.3.193"
            }
          ]
        }
      ],
      "dateAssigned": "2023-12-20T22:02:27.255Z",
      "datePublic": "2023-12-20T22:49:37.696Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process.\n. Was ZDI-CAN-18591."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T18:30:46.275Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-23-1851",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1851/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2023-51602",
    "datePublished": "2024-05-03T02:15:29.225Z",
    "dateReserved": "2023-12-20T21:52:34.955Z",
    "dateUpdated": "2024-09-18T18:30:46.275Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-51601 (GCVE-0-2023-51601)

Vulnerability from cvelistv5 – Published: 2024-05-03 02:15 – Updated: 2024-09-18 18:30
VLAI
Title
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Summary
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of xml files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. . Was ZDI-CAN-18563.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Assigner
zdi
References
Impacted products
Date Public
2023-12-20 22:49
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-51601",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-06T20:56:28.606294Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:20:13.625Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:40:34.078Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-23-1850",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1850/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Saia PG5 Controls Suite",
          "vendor": "Honeywell",
          "versions": [
            {
              "status": "affected",
              "version": "PG5 v2.3.193"
            }
          ]
        }
      ],
      "dateAssigned": "2023-12-20T22:02:27.249Z",
      "datePublic": "2023-12-20T22:49:33.599Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of xml files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process.\n. Was ZDI-CAN-18563."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T18:30:45.526Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-23-1850",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1850/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2023-51601",
    "datePublished": "2024-05-03T02:15:28.512Z",
    "dateReserved": "2023-12-20T21:52:34.955Z",
    "dateUpdated": "2024-09-18T18:30:45.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-51600 (GCVE-0-2023-51600)

Vulnerability from cvelistv5 – Published: 2024-05-03 02:15 – Updated: 2024-09-18 18:30
VLAI
Title
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability
Summary
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. . Was ZDI-CAN-18456.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Assigner
zdi
References
Impacted products
Date Public
2023-12-20 22:49
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-51600",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-03T14:30:44.991300Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:20:21.664Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:40:34.079Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-23-1849",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1849/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Saia PG5 Controls Suite",
          "vendor": "Honeywell",
          "versions": [
            {
              "status": "affected",
              "version": "PG5 v2.3.193"
            }
          ]
        }
      ],
      "dateAssigned": "2023-12-20T22:02:27.242Z",
      "datePublic": "2023-12-20T22:49:30.422Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XML files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process.\n. Was ZDI-CAN-18456."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T18:30:44.834Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-23-1849",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1849/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "kimiya"
      },
      "title": "Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2023-51600",
    "datePublished": "2024-05-03T02:15:27.803Z",
    "dateReserved": "2023-12-20T21:52:34.954Z",
    "dateUpdated": "2024-09-18T18:30:44.834Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-51591 (GCVE-0-2023-51591)

Vulnerability from cvelistv5 – Published: 2024-05-03 02:15 – Updated: 2024-08-02 22:40
VLAI
Title
Voltronic Power ViewPower Pro doDocument XML External Entity Processing Information Disclosure Vulnerability
Summary
Voltronic Power ViewPower Pro doDocument XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability. The specific flaw exists within the doDocument method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of LOCAL SERVICE. Was ZDI-CAN-22081.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')
Assigner
zdi
References
Impacted products
Vendor Product Version
Voltronic Power ViewPower Pro Affected: 2.0-22165
Create a notification for this product.
voltronic_power viewpower_pro Affected: 2.0-22165
    cpe:2.3:a:voltronic_power:viewpower_pro:2.0-22165:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2023-12-20 23:09
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:voltronic_power:viewpower_pro:2.0-22165:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "viewpower_pro",
            "vendor": "voltronic_power",
            "versions": [
              {
                "status": "affected",
                "version": "2.0-22165"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-51591",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-03T19:55:36.735112Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:20:22.090Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:40:33.746Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ZDI-23-1895",
            "tags": [
              "x_research-advisory",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1895/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "ViewPower Pro",
          "vendor": "Voltronic Power",
          "versions": [
            {
              "status": "affected",
              "version": "2.0-22165"
            }
          ]
        }
      ],
      "dateAssigned": "2023-12-20T20:45:49.371Z",
      "datePublic": "2023-12-20T23:09:39.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Voltronic Power ViewPower Pro doDocument XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the doDocument method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of LOCAL SERVICE. Was ZDI-CAN-22081."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T02:15:20.820Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "name": "ZDI-23-1895",
          "tags": [
            "x_research-advisory"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1895/"
        }
      ],
      "source": {
        "lang": "en",
        "value": "06fe5fd2bc53027c4a3b7e395af0b850e7b8a044"
      },
      "title": "Voltronic Power ViewPower Pro doDocument XML External Entity Processing Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2023-51591",
    "datePublished": "2024-05-03T02:15:20.820Z",
    "dateReserved": "2023-12-20T20:38:20.870Z",
    "dateUpdated": "2024-08-02T22:40:33.746Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-50380 (GCVE-0-2023-50380)

Vulnerability from cvelistv5 – Published: 2024-02-27 16:51 – Updated: 2025-03-27 19:53
VLAI
Title
Apache Ambari: authenticated users could perform XXE to read arbitrary files on the server
Summary
XML External Entity injection in apache ambari versions <= 2.7.7, Users are recommended to upgrade to version 2.7.8, which fixes this issue. More Details: Oozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The vulnerability was caused through lack of proper user input validation. This vulnerability is known as an XML External Entity (XXE) injection attack. Attackers can exploit XXE vulnerabilities to read arbitrary files on the server, including sensitive system files. In theory, it might be possible to use this to escalate privileges.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache Ambari Affected: 2.7.0 , ≤ 2.7.7 (semver)
Create a notification for this product.
apache ambari Affected: 2.7.0 , ≤ 2.7.7 (semver)
    cpe:2.3:a:apache:ambari:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:46.320Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/qrt7mq7v7zyrh1qsh1gkg1m7clysvy32"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/02/27/6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:ambari:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "ambari",
            "vendor": "apache",
            "versions": [
              {
                "lessThanOrEqual": "2.7.7",
                "status": "affected",
                "version": "2.7.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-50380",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-28T04:00:44.747498Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T19:53:06.868Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Ambari",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.7.7",
              "status": "affected",
              "version": "2.7.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eXML External Entity injection in apache ambari versions \u0026lt;= 2.7.7,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUsers are recommended to upgrade to version 2.7.8, which fixes this issue.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eMore Details:\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eOozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The vulnerability was caused through lack of proper user input validation.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThis vulnerability is known as an XML External Entity (XXE) injection attack. Attackers can exploit XXE vulnerabilities to read arbitrary files on the server, including sensitive system files. In theory, it might be possible to use this to escalate privileges.\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "XML External Entity injection in apache ambari versions \u003c= 2.7.7,\u00a0Users are recommended to upgrade to version 2.7.8, which fixes this issue.\n\nMore Details:\n\nOozie Workflow Scheduler had a vulnerability that allowed for root-level file reading and privilege escalation from low-privilege users. The vulnerability was caused through lack of proper user input validation.\n\nThis vulnerability is known as an XML External Entity (XXE) injection attack. Attackers can exploit XXE vulnerabilities to read arbitrary files on the server, including sensitive system files. In theory, it might be possible to use this to escalate privileges."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-27T16:55:14.969Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/qrt7mq7v7zyrh1qsh1gkg1m7clysvy32"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/02/27/6"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Ambari: authenticated users could perform XXE to read arbitrary files on the server",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-50380",
    "datePublished": "2024-02-27T16:51:33.978Z",
    "dateReserved": "2023-12-07T14:14:33.138Z",
    "dateUpdated": "2025-03-27T19:53:06.868Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-50304 (GCVE-0-2023-50304)

Vulnerability from cvelistv5 – Published: 2024-07-18 16:01 – Updated: 2024-08-02 22:16
VLAI
Title
IBM Engineering Requirements Management DOORS XML external entity injection
Summary
IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
ibm
Impacted products
Vendor Product Version
IBM Engineering Requirements Management DOORS Affected: 9.7.2.8
    cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.7:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-50304",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T14:41:09.585350Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-23T14:41:54.566Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:46.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7160471"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273335"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:engineering_requirements_management_doors:9.7.2.7:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "Engineering Requirements Management DOORS",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "9.7.2.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.  IBM X-Force ID:  273335."
            }
          ],
          "value": "IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.  IBM X-Force ID:  273335."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611 Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-18T16:01:38.174Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7160471"
        },
        {
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273335"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Engineering Requirements Management DOORS XML external entity injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-50304",
    "datePublished": "2024-07-18T16:01:38.174Z",
    "dateReserved": "2023-12-07T01:28:46.423Z",
    "dateUpdated": "2024-08-02T22:16:46.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Implementation System Configuration

Many XML parsers and validators can be configured to disable external entity expansion.

CAPEC-221: Data Serialization External Entities Blowup

This attack takes advantage of the entity replacement property of certain data serialization languages (e.g., XML, YAML, etc.) where the value of the replacement is a URI. A well-crafted file could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.