Page 4 of 31 results (0.000 seconds)
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 4
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 4CVE-2016-4312 – WSO2 Identity Server 5.1.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-4312
13 Aug 2016 — XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp. NOTE: this issue can be combined with CVE-2016-4311 to exploit the vulnerability without credentials. Vulnerabil... • https://packetstorm.news/files/id/138329 • CWE-611: Improper Restriction of XML External Entity Reference •