Vulnerabilities > CVE-2020-14029 - XXE vulnerability in Ozeki NG SMS Gateway

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
ozeki
CWE-611
NVD
Published: 2020-09-18
Updated: 2020-09-26

Summary

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files.

Vulnerable Configurations

Part Description Count
Application
Ozeki
372

Common Weakness Enumeration (CWE)

References