CVE-2015-0923
Last modified
CVE-2015-0923 is a vulnerability of currently unknown severity. The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue.. EPSS estimates a 22.03% chance of exploitation in the next 30 days.
Description
The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ektron | Ektron Content Management System | 8.5.0 |
| Ektron | Ektron Content Management System | 8.7.0 |
| Ektron | Ektron Content Management System | 8.9.0 |
References
- http://www.kb.cert.org/vuls/id/377644US Government Resource
- http://www.kb.cert.org/vuls/id/377644US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-0923?
How severe is CVE-2015-0923?
How do I fix CVE-2015-0923?
Are you affected by CVE-2015-0923?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST