MidnightBSD

Advisories for 52north

CVE-2023-6280

An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve-coordination@incibe.es 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L 3.9 2.7
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

Products Affected

Vendor Product Version
52north wps 4.0.0
52north wps *