CVE-2020-12684

Published: Jul 15, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser.

Affected (1)

Products: Inetsoftware: I Net Clear Reports

Inetsoftware

1 product

I Net Clear Reports

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Inetsoftware I Net Clear Reports	Version 19.0.287

Related CWEs

CWE-611

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (4)

https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases

Source: cve@mitre.org

Release NotesVendor Advisory

https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases/changes_20.4

Source: cve@mitre.org

Release NotesVendor Advisory

https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases/changes_20.4

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.