Vulnerabilities > CVE-2017-13706 - XXE vulnerability in Lansweeper
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Packetstorm
data source | https://packetstormsecurity.com/files/download/144527/lansweeper-xxe.txt |
id | PACKETSTORM:144527 |
last seen | 2017-10-08 |
published | 2017-10-06 |
reporter | Mehmet Ince |
source | https://packetstormsecurity.com/files/144527/Lansweeper-6.0.100.29-XXE-Injection.html |
title | Lansweeper 6.0.100.29 XXE Injection |