CVE-2023-6280

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 19, 2023

Updated: Aug 2, 2024

CWE ID 611

Summary

CVE-2023-6280 is a newly identified XML External Entity (XXE) vulnerability affecting versions of 52North WPS prior to 4.0.0-beta.11. This issue enables attackers to leverage external entities in the WebProcessingService servlet, leading to potential file retrieval from the internal network through crafted HTTP requests. The XXE vulnerability poses a significant security risk as it can enable unauthorized access to sensitive data, making it crucial for users to upgrade to a patched version.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/ti7Glk
https://www.cve.org/CVERecord?id=CVE-2023-6280
https://nvd.nist.gov/vuln/detail/CVE-2023-6280

Back to Vulnerability Database

CVE-2023-6280

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations