CVE-2016-8275 — MEDIUM (6.5)

Vulnerability Description

Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Huawei	Anyoffice	v200r006c00

Related Weaknesses (CWE)

CWE-20

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160907-01-anyoffiVendor Advisory
http://www.securityfocus.com/bid/93010Third Party AdvisoryVDB Entry
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160907-01-anyoffiVendor Advisory
http://www.securityfocus.com/bid/93010Third Party AdvisoryVDB Entry

FAQ

What is CVE-2016-8275?

CVE-2016-8275 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb.

How severe is CVE-2016-8275?

CVE-2016-8275 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-8275?

Check the references section above for vendor advisories and patch information. Affected products include: Huawei Anyoffice.