Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, XML external entity injection lead to External Service interaction & Internal file read in Business Central and also Kie-Server APIs.
CVSS Information
N/A
Vulnerability Type
XML注入(XPath盲注)
Vulnerability Title
Business-central 代码问题漏洞
Vulnerability Description
Business-central是一个软件包。 Business-central 存在安全漏洞,该漏洞源于可能收到 XML 外部实体注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A