Vulnerability Description
Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Unity Operating Environment | < 5.3.0.0.5.120 |
| Dell | Unity Xt Operating Environment | < 5.3.0.0.5.120 |
| Dell | Unityvsa Operating Environment | < 5.3.0.0.5.120 |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unityVendor Advisory
- https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unityVendor Advisory
FAQ
What is CVE-2023-43067?
CVE-2023-43067 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system.
How severe is CVE-2023-43067?
CVE-2023-43067 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-43067?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Unity Operating Environment, Dell Unity Xt Operating Environment, Dell Unityvsa Operating Environment.