|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-08-13 | |
| Rule Name: | Weaver E-Cology deleteRequestInfoByXml XML External Entity Injection Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Weaver Ecology is an enterprise level digital office platform that provides comprehensive collaborative work, process management, knowledge sharing, and other functions to promote internal information flow and digital transformation of business processes. An XML external entity injection vulnerability exists in the deleteRequestInfoByXml interface, which could allow an attacker to obtain sensitive system information and execute malicious system commands. | |
| Impact: | An attacker could exploit this vulnerability to have unspecified effect. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |