Vulnerabilities > CVE-2023-52239 - XXE vulnerability in Magicsoftware Magic XPI Integration Platform 4.13.4
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The XML parser in Magic xpi Integration Platform 4.13.4 allows XXE attacks, e.g., via onItemImport.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://ds-security.com/post/xml_external_entity_injection_magic_xpi/
- https://ds-security.com/post/xml_external_entity_injection_magic_xpi/
- https://www2.magicsoftware.com/ver/docs/Downloads/Magicxpi/4.14/Windows/ReleaseNotes4.14.pdf
- https://www2.magicsoftware.com/ver/docs/Downloads/Magicxpi/4.14/Windows/ReleaseNotes4.14.pdf