The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: certcc
Published: 2013-11-02T19:00:00Z
Updated: 2024-09-17T02:36:55.070Z
Reserved: 2013-05-21T00:00:00Z
Link: CVE-2013-3617
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2013-11-02T19:55:04.523
Modified: 2013-11-21T18:29:55.147
Link: CVE-2013-3617
Redhat
No data.