CVE-2023-6280

HIGH

52north WPS < 4.0.0-beta.11 - XML External Entity Injection via WebProcessingService Servlet

Title source: llm

Description

An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network.

References (1)

Core 1

Core References

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso/xml-external-entity-reference-52north-wps

Scores

CVSS v3 7.2

EPSS 0.0063

EPSS Percentile 45.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

Details

CWE

CWE-611

Status published

Products (2)

52north/wps 4.0.0 beta1 (10 CPE variants)

52north/wps < 4.0.0

Published Dec 19, 2023

Tracked Since Feb 18, 2026