QwikSec

Security Database

CVE

CWE

Training

CVE-2017-13706

Published: Oct 10, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

XML external entity (XXE) vulnerability in the import package functionality of the deployment module in Lansweeper before 6.0.100.67 allows remote authenticated users to obtain sensitive information, cause a denial of service, conduct server-side request forgery (SSRF) attacks, conduct internal port scans, or have unspecified other impact via an XML request, aka bug #572705.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20171007 CVE-2017-13706, Lansweeper 6.0.100.29 XXE Vulnerability

mailing-list

x_refsource_FULLDISC

https://www.lansweeper.com/changelog.aspx

x_refsource_CONFIRM

http://packetstormsecurity.com/files/144527/Lansweeper-6.0.100.29-XXE-Injection.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.