CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Designer is installed may be disclosed.
Metrics
Affected Vendors & Products
References
History
Wed, 18 Sep 2024 08:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: jpcert
Published: 2023-10-23T04:51:39.628Z
Updated: 2024-09-17T14:19:52.260Z
Reserved: 2023-09-20T11:52:20.771Z
Link: CVE-2023-43624
Vulnrichment
Updated: 2024-08-02T19:44:43.805Z
NVD
Status : Modified
Published: 2023-10-23T05:15:07.877
Modified: 2024-11-21T08:24:29.470
Link: CVE-2023-43624
Redhat
No data.