CyberSec.Space Logo
Back to CVE Browser

CVE-2020-12684

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1340%
EPSS Percentile2.32th
PublishedJul 15, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser.

Affected Platforms (CPE)

πŸ“¦
Inetsoftware

I Net Clear Reports

= 19.0.287

References & Advisories

πŸ”— https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases
πŸ”— https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases/changes_20.4
πŸ”— https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases
πŸ”— https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases/changes_20.4

Related Vulnerabilities

CVE-2020-114319.1

The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthen...

CVE-2021-471037.8

In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk->sk_rx_dst to RCU rules syzbot report...

CVE-2020-281506.1

I-Net Software Clear Reports 20.10.136 web application accepts a user-controlled input that specifies a link to an external site, ...

CVE-2026-232555.5

In the Linux kernel, the following vulnerability has been resolved: net: add proper RCU protection to /proc/net/ptype Yin Fengwe...