QwikSec

Security Database

CVE

CWE

Training

CVE-2018-20687

Published: Nov 18, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/155359/Raritan-CommandCenter-Secure-Gateway-XML-Injection.html

x_refsource_MISC

20191115 Raritan CommandCenter Secure Gateway XML External Entity < 8.0

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.