CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-12684

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1340%
EPSS Percentile2.32th
Published2020年7月15日
Last Modified2024年11月21日

Vulnerability Description

XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser.

Affected Platforms (CPE)

📦
Inetsoftware

I Net Clear Reports

= 19.0.287

References & Advisories

🔗 https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases
🔗 https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases/changes_20.4
🔗 https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases
🔗 https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases/changes_20.4

関連する脆弱性情報

CVE-2020-114319.1

The documentation component in i-net Clear Reports 16.0 to 19.2, HelpDesk 8.0 to 8.3, and PDFC 4.3 to 6.2 allows a remote unauthen...

CVE-2021-471037.8

In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk->sk_rx_dst to RCU rules syzbot report...

CVE-2020-281506.1

I-Net Software Clear Reports 20.10.136 web application accepts a user-controlled input that specifies a link to an external site, ...

CVE-2026-232555.5

In the Linux kernel, the following vulnerability has been resolved: net: add proper RCU protection to /proc/net/ptype Yin Fengwe...