Vulnerabilities > CVE-2016-5795 - XXE vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

automatedlogic

carrier

CWE-611

NVD

Published: 2017-08-31

Updated: 2021-07-27

Summary

An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network.

Vulnerable Configurations

Part	Description	Count
Application	Automatedlogic Automatedlogic I VU 5.2 Automatedlogic I VU 5.5 Automatedlogic I VU 6.0 Automatedlogic I VU 6.5 Automatedlogic Sitescan WEB 5.2 Automatedlogic Sitescan WEB 5.5 Automatedlogic Sitescan WEB 6.1 Automatedlogic Sitescan WEB 6.5	8
Application	Carrier Carrier Automatedlogic Webctrl 5.2 Carrier Automatedlogic Webctrl 5.5 Carrier Automatedlogic Webctrl 6.0 Carrier Automatedlogic Webctrl 6.1 Carrier Automatedlogic Webctrl 6.5	5

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References