RULE(RULE ID:331172)

Rule General Information
Release Date: 2020-09-15
Rule Name: Yonyou GRP-u8 XML External Entity Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Yonyou GRP-U8R10 administrative business financial management software is a new generation product launched by UFIDA focusing on national e-government business based on cloud computing technology. It is the most professional government financial management software in the field of administrative business finance in my country. When the user can control the parameters in the command execution function, malicious system commands can be injected into normal commands, causing command execution attacks
Impact: An attacker could exploit this vulnerability to have unspecified effect.
Affected OS: Windows
Reference:
Solutions
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.