XML External Entity Vulnerability in Huawei SEQ Analyst
CVE-2015-2346

Currently unrated

Key Information:

Vendor: Huawei
Status: Seq Analyst
Vendor: CVE Published:; 18 May 2015

Summary

The vulnerability in Huawei SEQ Analyst enables remote authenticated users to exploit XML External Entity (XXE) injection, which allows unauthorized access to arbitrary files on the server through manipulation of the req parameter. This exposure can lead to significant security risks, including disclosure of sensitive configuration files or user data. It is important for users of the affected versions to apply the necessary patches to mitigate this threat.

References

http://seclists.org/fulldisclosure/2015/Apr/42

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/131459/Huawei-SEQ-An...

x_refsource_MISC

Timeline

Vulnerability published
May 18, 2015
Vulnerability Reserved
Mar 18, 2015