CVE-2020-15303

Published: Jun 28, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564.

Affected (3)

Products: Infoblox: Nios

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Infoblox Nios	From 8.4.0 to 8.4.8
Infoblox Nios	Version 8.5.0
Infoblox Nios	Version 8.5.1

Related CWEs

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

References (4)

https://community.infoblox.com/t5/Security/NIOS-XML-Vulnerability/m-p/22437#M1995

Source: cve@mitre.org

Vendor Advisory

https://www.infoblox.com/products/nios8/

Source: cve@mitre.org

ProductVendor Advisory

https://community.infoblox.com/t5/Security/NIOS-XML-Vulnerability/m-p/22437#M1995

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.infoblox.com/products/nios8/

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

Timeline

No history available yet.