Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter. NOTE: the documentation states "These tools are, by default, available to anyone ... so they should only be deployed into a trusted environment. Alternately, the tools can easily be restricted to administrators or end users by protecting the tools path with normal authentication and authorization mechanisms on the web server."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Smartclient 代码问题漏洞
Vulnerability Description
Smartclient是Smartclient公司的一个智能解决方案,使构建基于纯 Web 标准的强大、高效的 Web 应用程序变得简单。 SmartClient 12.0版本中的downloadWSDL功能存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。
CVSS Information
N/A
Vulnerability Type
N/A