CVE-2017-6323

Published: Apr 16, 2018Modified: Nov 21, 2024

8.0

Vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: NVD

Description

The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.

Affected (3)

Products: Symantec: Management Console

1 product

Management Console

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Symantec Management Console	Before 8.1
Symantec Management Console	Version 7.6 hf7
Symantec Management Console	Version 8.0 hf6

Related CWEs

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (4)

http://www.securityfocus.com/bid/98621

Source: secure@symantec.com

Third Party AdvisoryVDB Entry

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170628_00

Source: secure@symantec.com

Vendor Advisory

http://www.securityfocus.com/bid/98621

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170628_00

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.