Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XML External Entity Injection in TecConnect 4.1
Vulnerability Description
A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. TecConnect 4.1 is considered end-of-life as of December 2023. Users are advised to upgrade to TecCom Connect 5.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
TecCom TecConnect 安全漏洞
Vulnerability Description
TecCom TecConnect是德国TecCom公司的一款中间件。 TecCom TecConnect 4.1版本存在安全漏洞,该漏洞源于OpenMessaging webservice存在盲XXE注入,可能导致任意文件泄露。
CVSS Information
N/A
Vulnerability Type
N/A