CVE-2023-43067

CWE-611XML External Entity (XXE)3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.0%
top 94.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Dell Unity Operating EnvironmentDell Unity XT Operating EnvironmentDell Unityvsa Operating Environment+1 more
Timeline
PublishedOct 23

Description

Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages4 packages

CVEListV5dell/unityVersions prior to 5.3.0.0.5.120

🔴Vulnerability Details

2
GHSA
GHSA-97mp-43rr-5rcx: Dell Unity prior to 52023-10-23
CVEList
CVE-2023-43067: Dell Unity prior to 52023-10-23
CVE-2023-43067 (MEDIUM CVSS 6.5) | Dell Unity prior to 5.3 contains an | cvebase.io