Vulnerabilities > CVE-2019-19032 - XXE vulnerability in Xmlblueprint

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

xmlblueprint

CWE-611

exploit available

NVD

Published: 2019-12-30

Updated: 2022-01-01

Summary

XMLBlueprint through 16.191112 is affected by XML External Entity Injection. The impact is: Arbitrary File Read when an XML File is validated. The component is: XML Validate function. The attack vector is: Specially crafted XML payload.

Vulnerable Configurations

Part	Description	Count
Application	Xmlblueprint Xmlblueprint Xmlblueprint 12.170212 Xmlblueprint Xmlblueprint 13.170705 Xmlblueprint Xmlblueprint 14.180220 Xmlblueprint Xmlblueprint 15.181205 Xmlblueprint Xmlblueprint 16.191112	5

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit-Db

id	EDB-ID:47974
last seen	2020-01-29
modified	2020-01-29
published	2020-01-29
reporter	Exploit-DB
source	https://www.exploit-db.com/download/47974
title	XMLBlueprint 16.191112 - XML External Entity Injection

Packetstorm

data source	https://packetstormsecurity.com/files/download/156139/xmlblueprint16-xml.txt
id	PACKETSTORM:156139
last seen	2020-01-30
published	2020-01-29
reporter	Javier Olmedo
source	https://packetstormsecurity.com/files/156139/XMLBlueprint-16.191112-XML-Injection.html
title	XMLBlueprint 16.191112 XML Injection

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

References