Vulnerability Description
An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser, causing the application to execute arbitrary code or disclose file contents from a server or connected network.
CVSS Score
7.3 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Automatedlogic | I-Vu | <= 6.5 |
| Automatedlogic | Sitescan Web | <= 6.5 |
| Carrier | Automatedlogic Webctrl | <= 6.5 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100558 (Third Party Advisory, VDB Entry)
- https://ics-cert.us-cert.gov/advisories/ICSA-17-150-01 (Mitigation, Third Party Advisory, US Government Resource)
FAQ
What is CVE-2016-5795?
CVE-2016-5795 is a vulnerability with a CVSS score of 7.3 (HIGH). An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker coul...
How severe is CVE-2016-5795?
CVE-2016-5795 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-5795?
Check the references section above for vendor advisories and patch information. Affected products include: Automatedlogic I-Vu, Automatedlogic Sitescan Web, Carrier Automatedlogic Webctrl.