CVE-2017-6323
HIGH
Symantec Management Console < 8.1 - XML External Entity Injection
Title source: llm
Description
The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
References (2)
Core References
Vendor Advisory (x_refsource_confirm): https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170628_00
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/98621
Scores
CVSS v3: 8.0
EPSS: 0.0019
EPSS Percentile: 40.8%
Attack Vector: ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-611
Status: published
Products (3)
symantec/management_console 7.6 hf7
symantec/management_console 8.0 hf6
symantec/management_console < 8.1
Published: Apr 16, 2018
Tracked Since: Feb 18, 2026