CVE-2023-1288

Summary

An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server.

Affected Software

VendorProductVersion RangeStatus
Dassault SystèmesENOVIA Live CollaborationV6R2013xE Golden <= V6R2013xE FP.CFA.2228affected

Weaknesses

  • CWE-611: CWE-611 Improper Restriction of XML External Entity Reference

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References