CVE-2017-14101 in Conserus Image Repository Archive SolutionИнформация

Сводка

по MITRE

A security researcher found an XML External Entity (XXE) vulnerability on the Conserus Image Repository archive solution version 2.1.1.105 by McKesson Medical Imaging Company, which is now a Change Healthcare company. An unauthenticated user supplying a modified HTTP SOAP request to the vulnerable service allows for arbitrary file read access to the local file system as well as the transmittal of the application service's account hashed credentials to a remote attacker.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Резервировать

01.09.2017

Раскрытие

15.12.2017

Модерация

принято

Вход

VDB-110714

CPE

готов

CWE

CWE-611 (Подтверждённый)

CVSS

9.8 (NVD)

EPSS

0.00499

KEV

Нет

Деятельности

Очень низкий

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-14101
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-14101
CVE Details	https://www.cvedetails.com/cve/CVE-2017-14101/

◂ Предыдущий Обзор Далее ▸

Want to know what is going to be exploited?

We predict KEV entries!