CVE-2022-25628: XML External Entity (XXE) Injection in Symantec Identity Governance and Administration

Severity
8.8 HIGH (NVD)
EPSS
0.4%
top 38.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 16
Latest update: Dec 21

Description

An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Vulnerability Details (2)

GHSA
GHSA-2jx3-p89p-3f69: An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14 (2022-12-21)
CVEList
CVE-2022-25628: An authenticated user can perform XML eXternal Entity injection in Management Console in Symantec Identity Manager 14 (2022-12-16)