CVE-2017-6323

{"id": "CVE-2017-6323", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.2, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2018-04-16T19:29:00.340", "references": [{"url": "http://www.securityfocus.com/bid/98621", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@symantec.com"}, {"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170628_00", "tags": ["Vendor Advisory"], "source": "secure@symantec.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts."}, {"lang": "es", "value": "Symantec Management Console, en versiones anteriores a la ITMS 8.1 RU1, ITMS 8.0_POST_HF6 e ITMS 7.6_POST_HF7, tiene un problema por el cual las entradas XML que contienen una referencia a una entidad externa son procesadas por un analizador XML mal configurado. Este ataque podr\u00eda conducir a la revelaci\u00f3n de datos confidenciales, denegaci\u00f3n de servicio (DoS), Server-Side Request Forgery, escaneo de puertos desde la perspectiva de la m\u00e1quina en la que est\u00e1 el analizador y otros impactos del sistema."}], "lastModified": "2018-05-23T14:38:03.660", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:management_console:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B267A2A-6418-4465-89DE-6162EB657F73", "versionEndExcluding": "8.1"}, {"criteria": "cpe:2.3:a:symantec:management_console:7.6:hf7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "625B07E1-76DD-4A78-9506-F15C8E61CB58"}, {"criteria": "cpe:2.3:a:symantec:management_console:8.0:hf6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "078D2993-8477-4241-93E0-B5ADEC1DEB18"}], "operator": "OR"}]}], "sourceIdentifier": "secure@symantec.com"}