'; } else{ echo ''; } echo 'Hillstone Networks'; } elseif ($_SERVER[HTTP_HOST] == "update1.huaantech.com.cn") { echo ''; echo 'huaantech'; } elseif ($_SERVER[HTTP_HOST] == "update1.dcnetworks.com.cn") { echo ''; echo 'dcnetworks'; } elseif ($_SERVER[HTTP_HOST] == "update1.w-ibeda.com") { if (false===strpos($_SERVER[REQUEST_URI],"/en/")) echo ''; else echo ''; echo 'w-ibeda'; } elseif ($_SERVER[HTTP_HOST] == "update1.hp-telecom.com") { echo ''; echo 'hp-telecom'; } elseif ($_SERVER[HTTP_HOST] == "update1.maipu.com") { echo ''; echo 'Maipu'; } elseif ($_SERVER[HTTP_HOST] == "update1.ncurity.com") { echo ''; echo 'Ncurity'; } elseif ($_SERVER[HTTP_HOST] == "update1.socusnetwork.com") { echo ''; echo 'Socusnetwork'; } else{ echo ''; echo 'Hillstone Networks'; } ?>
 
   
 

vul_app:yonyou_nc_xxe_vul(Rule ID:1070210471)

Release Date2025/9/15

Rule NameYonyou NC smartweb2.RPC.d XXE Vulnerability

Severity:high

CVE ID

 

Descripiton

Yonyou NC is a management software launched by Yonyou Company, targeting large enterprises and groups. It supports enterprise management functions such as finance, supply chain, and human resources, helping enterprises achieve digital management and efficient operation. The smartweb2.RPC.d interface of the Yonyou NC system has an XML external entity injection vulnerability. Attackers can exploit this vulnerability to conduct attacks such as file reading and internal network port scanning. This rule supports to defend the A6: Vulnerable and Outdated Components of OWASP Top 10 - 2021.
Other reference:None

 

Solution

Update vendor patches.