Vulnerabilities > CVE-2017-13706 - XXE vulnerability in Lansweeper

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
lansweeper
CWE-611
NVD
Published: 2017-10-10
Updated: 2017-11-05

Summary

XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705.

Vulnerable Configurations

Part Description Count
Application
Lansweeper
99

Common Weakness Enumeration (CWE)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/144527/lansweeper-xxe.txt
idPACKETSTORM:144527
last seen2017-10-08
published2017-10-06
reporterMehmet Ince
sourcehttps://packetstormsecurity.com/files/144527/Lansweeper-6.0.100.29-XXE-Injection.html
titleLansweeper 6.0.100.29 XXE Injection

References