Vulnerabilities > CVE-2020-11541 - XXE vulnerability in Techsmith Snagit

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

techsmith

CWE-611

NVD

Published: 2020-05-08

Updated: 2020-05-14

Summary

In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account.

Vulnerable Configurations

Part	Description	Count
Application	Techsmith Techsmith Snagit 18.2.3 Techsmith Snagit 18.2.4 Techsmith Snagit 18.2.5 Techsmith Snagit 19.0.0 Techsmith Snagit 19.0.1 Techsmith Snagit 19.1.1 Techsmith Snagit 19.1.2 Techsmith Snagit 19.1.3 Techsmith Snagit 19.1.4 Techsmith Snagit 19.1.5 Techsmith Snagit 19.1.6 Techsmith Snagit 20.0.0 Techsmith Snagit 20.0.1 Techsmith Snagit 20.0.2 Techsmith Snagit 20.0.3	15

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://support.techsmith.com/hc/en-us/articles/115006435067-Snagit-Windows-Version-History