CVE-2024-7098
XML Injection in SFS Consulting's ww.Winsure
Severity Score
9.2
*CVSS v4
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.This issue affects ww.Winsure: before 4.6.2.
*Credits:
Kaan ATMACA, Berk İMRAN, Secure Future Inc., Salih ÖZEK
CVSS Scores
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
System
Vulnerable | Subsequent
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-07-25 CVE Reserved
- 2024-09-16 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
- CAPEC-250: XML Injection
References (1)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| SFS Consulting Search vendor "SFS Consulting" | Ww.Winsure Search vendor "SFS Consulting" for product "Ww.Winsure" | < 4.6.2 Search vendor "SFS Consulting" for product "Ww.Winsure" and version " < 4.6.2" | en |
Affected
| ||||||