Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ETQ Reliance CG < SE.2025.1 / < 2025.1.2 XXE Injection in SSO SAML Handler
Vulnerability Description
An XML External Entity (XXE) injection vulnerability exists in ETQ Reliance on the CG (legacy) platform within the `/resources/sessions/sso` endpoint. The SAML authentication handler processes XML input without disabling external entity resolution, allowing crafted SAML responses to invoke external entity references. This could enable attackers to retrieve sensitive files or perform server-side request forgery (SSRF). The issue was addressed by disabling external entity processing for the affected XML parser in versions SE.2025.1 and 2025.1.2.
CVSS Information
N/A
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
ETQ Reliance CG 代码问题漏洞
Vulnerability Description
ETQ Reliance CG是美国ETQ公司的一款质量管理系统。 ETQ Reliance CG存在安全漏洞,该漏洞源于/resources/sessions/sso端点未禁用外部实体解析,可能导致XML外部实体注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A