CVE-2023-6280

An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
INCIBECNA
7.2 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
52northwps
𝑥
< 4.0.0
52northwps
4.0.0:beta1
52northwps
4.0.0:beta10
52northwps
4.0.0:beta2
52northwps
4.0.0:beta3
52northwps
4.0.0:beta4
52northwps
4.0.0:beta5
52northwps
4.0.0:beta6
52northwps
4.0.0:beta7
52northwps
4.0.0:beta8
52northwps
4.0.0:beta9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.incibe.es/en/incibe-cert/notices/aviso/xml-external-entity-reference-52north-wps
https://www.incibe.es/en/incibe-cert/notices/aviso/xml-external-entity-reference-52north-wps