|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-12-17 | |
| Rule Name: | Advantech WISE-PaaS RMM RecoveryMgmt checkSchName External Entity Injection Vulnerability (CVE-2019-18227) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | An XXE vulnerability exists in Advantech WISE-PaaS RMM. The vulnerability is due to insufficient input validation when processing HTTP requests in the Java class RecoveryMgmt.A remote, unauthenticated attacker could exploit this vulnerability by sending crafted HTTP requests. Successful exploitation could result in the disclosure of file contents on the target machine. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Others | |
| Reference: | https://www.us-cert.gov/ics/advisories/icsa-19-304-01 ZeroDayInitiative:ZDI-19-936 ZeroDayInitiative:ZDI-19-939 ZeroDayInitiative:ZDI-19-942 |
|
| Solutions |
|---|
| According to the information provided by the manufacturer, this product has been discontinued. Please follow the manufacturer's homepage for relevant information: https://www.advantech.com |