An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter.
References
Link | Resource |
---|---|
https://seclists.org/fulldisclosure/2020/Feb/18 | Exploit Mailing List Third Party Advisory |
https://blog.certimetergroup.com/it/articolo/security/smartclient-v12-xml-external-entity--cve-2020-9352 | Exploit Third Party Advisory |
Configurations
Information
Published : 2020-02-22 18:15
Updated : 2022-04-18 08:58
NVD link : CVE-2020-9352
Mitre link : CVE-2020-9352
JSON object : View
CWE
CWE-611
Improper Restriction of XML External Entity Reference
Products Affected
smartclient
- smartclient