CVE-2016-2340

EUVD-2016-3424
The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
granitedsgranite_data_services
3.1.1-snapshot
𝑥
= Vulnerable software versions
References
http://www.kb.cert.org/vuls/id/279472
http://www.securityfocus.com/bid/85426
http://www.kb.cert.org/vuls/id/279472
http://www.securityfocus.com/bid/85426