Symantec Management Console における XML 外部エンティティの脆弱性
| Title |
Symantec Management Console における XML 外部エンティティの脆弱性
|
| Summary |
Symantec Management Console には、XML 外部エンティティの脆弱性が存在します。
|
| Possible impacts |
情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。 |
| Solution |
ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date |
June 28, 2017, midnight |
| Registration Date |
June 19, 2018, 2:14 p.m. |
| Last Update |
June 19, 2018, 2:14 p.m. |
|
CVSS3.0 : 重要
|
| Score |
8
|
| Vector |
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
CVSS2.0 : 警告
|
| Score |
5.2
|
| Vector |
AV:A/AC:L/Au:S/C:P/I:P/A:P |
Affected System
| シマンテック |
|
Symantec Management Console ITMS 7.6_POST_HF7
|
|
Symantec Management Console ITMS 8.0_POST_HF6
|
|
Symantec Management Console ITMS 8.1 RU1 未満
|
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
| No |
Changed Details |
Date of change |
| 1 |
[2018年06月19日]
掲載 |
June 19, 2018, 2:14 p.m. |
NVD Vulnerability Information
CVE-2017-6323
| Summary |
The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
|
| Publication Date |
April 17, 2018, 4:29 a.m. |
| Registration Date |
Jan. 26, 2021, 1:27 p.m. |
| Last Update |
Nov. 21, 2024, 12:29 p.m. |
Affected software configurations
| Configuration1 |
or higher |
or less |
more than |
less than |
| cpe:2.3:a:symantec:management_console:7.6:hf7:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:symantec:management_console:8.0:hf6:*:*:*:*:*:* |
|
|
|
|
| cpe:2.3:a:symantec:management_console:*:*:*:*:*:*:*:* |
|
|
|
8.1 |
Related information, measures and tools
Common Vulnerabilities List