Vulnerabilities > CVE-2020-36124 - XXE vulnerability in Paxtechnology Paxstore 7.0.820200511171508

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

paxtechnology

CWE-611

NVD

Published: 2021-05-07

Updated: 2021-05-13

Summary

Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE) injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them to manipulate the access tokens to access the platform as any desired user (clients and administrators).

Vulnerable Configurations

Part	Description	Count
Application	Paxtechnology Paxtechnology Paxstore 7.0.8_20200511171508	1

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://marketing.paxtechnology.com/about-pax
https://www.whatspos.com/
https://blog.pridesec.com.br/p/4c972078-5f01-419e-8bea-cf31ff2e3670/