Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server side request forgery due to improper configuration of the XML parser.
CVSS Information
N/A
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Schneider Electric EcoStruxure Building Operation WebReports 代码问题漏洞
Vulnerability Description
施耐德电气 Schneider Electric EcoStruxure Building Operation WebReports是法国施耐德电气公司的一个企业级楼宇控制系统的基于Web的控制平台。 Schneider Electric EcoStruxure Building Operation WebReports 1.9版本至3.1版本存在代码问题漏洞,该漏洞允许经过验证的远程用户能够注入任意XML代码和获得披露机密数据,拒绝服务,服务器端请求伪造由于不适当的XML解析器的配置。
CVSS Information
N/A
Vulnerability Type
N/A