Hillstone Networks

'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>

RULE（RULE ID：339562）

Rule General Information


Release Date:		2025-10-28

Rule Name:		Glodon OA ArchiveWebService XML External Entity Injection Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		Glodon OA is a comprehensive office automation solution , aimed at improving work efficiency and collaboration capabilities within organizations. It provides a series of functions and tools to help enterprises manage and process daily office tasks, processes, and documents, and connects various business systems through the "collaboration+" capability to achieve single sign on, proxy aggregation, function aggregation, as well as data integration and business applications. The Glodon OA ArchiveWebService API contains an XML External Entity (XXE) vulnerability that allows an attacker to read local files on the server, perform ArchiveWebService request forgery (SSRF), and carry out other malicious actions.

Impact:		An attacker could exploit this vulnerability to have unspecified effect.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

Please contact the software vendor to update the software patch.