The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/98621 | Third Party Advisory VDB Entry |
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170628_00 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: symantec
Published: 2017-06-28T00:00:00
Updated: 2018-04-17T09:57:01
Reserved: 2017-02-26T00:00:00
Link: CVE-2017-6323
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-04-16T19:29:00.340
Modified: 2018-05-23T14:38:03.660
Link: CVE-2017-6323
JSON object: View
Redhat Information
No data.
CWE