Vulnerabilities > CVE-2023-6280 - XXE vulnerability in 52North WPS

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

52north

CWE-611

NVD

Published: 2023-12-19

Updated: 2024-08-02

Summary

An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network.

Vulnerable Configurations

Part	Description	Count
Application	52North 52North WPS - 52North WPS 1.0 52North WPS 2.0 52North WPS 3.0 52North WPS 3.1.0 52North WPS 3.1.1 52North WPS 3.2.0 52North WPS 3.3.0 52North WPS 3.3.1 52North WPS 3.4.0 52North WPS 3.5.0 52North WPS 3.6.0 52North WPS 3.6.1 52North WPS 4.0.0	23

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://www.incibe.es/en/incibe-cert/notices/aviso/xml-external-entity-reference-52north-wps