Vulnerabilities > CVE-2015-2346 - Unspecified vulnerability in Huawei SEQ Analyst

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
huawei
NVD
Published: 2015-05-18
Updated: 2016-12-03

Summary

XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. <a href="http://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>

Vulnerable Configurations

Part Description Count
Application
Huawei
1

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/131459/huaweiseqanalyst-xxe.txt
idPACKETSTORM:131459
last seen2016-12-05
published2015-04-16
reporterUgur Cihan KOC
sourcehttps://packetstormsecurity.com/files/131459/Huawei-SEQ-Analyst-XXE-Injection.html
titleHuawei SEQ Analyst XXE Injection

References