Vulnerability Description
The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Management Console | < 8.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/98621 (Third Party Advisory, VDB Entry)
- https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securi (Vendor Advisory)
FAQ
What is CVE-2017-6323?
CVE-2017-6323 is a vulnerability with a CVSS score of 8.0 (HIGH). The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly con...
How severe is CVE-2017-6323?
CVE-2017-6323 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-6323?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Management Console.