Avaya WebLM Improper Restriction of XML External Entity Reference
CVE-2020-7032
6.5MEDIUM
Summary
An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2.
Affected Version(s)
WebLM = 8.0.x
WebLM < 7.1.3.6
WebLM < 8.1.2
References
EPSS Score
1% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database