← back
CVE-2024-5625

XML External Entity Injection in PruvaSoft Informatics' Apinizer Management Console

CVSS 6.5 MEDIUMEPSS 0.4%CWE-611
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
18 Jul 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Improper Restriction of XML External Entity Reference vulnerability in PruvaSoft Informatics Apinizer Management Console allows Data Serialization External Entities Blowup. This issue affects Apinizer Management Console: before 2024.05.1.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
PruvaSoft Informatics · Apinizer Management Console

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1010https://www.usom.gov.tr/bildirim/tr-24-1010