CVE-2023-28008 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.1 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
HCL	CNA	7.1 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 40%

Vendor	Product	Version
hcltech	workload_automation	9.4.0
hcltech	workload_automation	9.4.0:fix_pack_3
hcltech	workload_automation	9.4.0:fix_pack_4
hcltech	workload_automation	9.4.0:fix_pack_5
hcltech	workload_automation	9.4.0:fix_pack_6
hcltech	workload_automation	9.4.0:fix_pack_7
hcltech	workload_automation	9.5.0
hcltech	workload_automation	9.5.0:fix_pack_1
hcltech	workload_automation	9.5.0:fix_pack_2
hcltech	workload_automation	9.5.0:fix_pack_3
hcltech	workload_automation	9.5.0:fix_pack_4
hcltech	workload_automation	9.5.0:fix_pack_5
hcltech	workload_automation	9.5.0:fix_pack_6
hcltech	workload_automation	10.1.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-611 - Improper Restriction of XML External Entity Reference
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0104371

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0104371