Required CVE Record Information
Description
XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitrary files and trigger requests to intranet servers via a crafted request.
References 3 Total
- securityfocus.com: 20141031 SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access mailing-list
- seclists.org: 20141031 SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access mailing-list
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141031-0_Scalix_Web_Access_XXE_v10.txt
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 3 Total
- securityfocus.com: 20141031 SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access mailing-listx_transferred
- seclists.org: 20141031 SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access mailing-listx_transferred
- https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141031-0_Scalix_Web_Access_XXE_v10.txt x_transferred