CVE-2019-20153
EUVD-2019-1070805.01.2020, 23:15
An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.4. An XML external entity (XXE) vulnerability in the upload definition feature in definition_upload_attach.jsp allows authenticated remote attackers to read arbitrary files (including configuration files containing administrative credentials).Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| determine | contract_lifecycle_management | 5.4 |
𝑥
= Vulnerable software versions