Raritan CommandCenter Secure Gateway before 8.0.0 Improper Restriction of XML External Entity Reference Vulnerability

Summary

An XML external entity (XXE) vulnerability in CommandCenterWebServices/.*?wsdl in Raritan CommandCenter Secure Gateway before 8.0.0 allows remote unauthenticated users 

 

 

 

 

 

 

 

 

 

 

 

 

 

Credit:

The information has been provided by 

The original article can be found at: https://seclists.org/fulldisclosure/2019/Nov/11

 


Details

To read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

 

Vulnerable Systems:

Raritan CommandCenter Secure Gateway before 8.0.0 

 

CVE Information:

CVE-2018-20687

 

Disclosure Timeline:
Published Date: 11/18/2019