CVE-2023-43067

Published Oct 23, 2023

Last updated a year ago

CVSS medium 6.5

Overview

Description: Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system.
Source: security_alert@emc.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-611
security_alert@emc.com: CWE-611

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39CE8E4C-9B83-4FF4-A662-393566EAAAB5",
            "versionEndExcluding": "5.3.0.0.5.120"
          },
          {
            "criteria": "cpe:2.3:a:dell:unity_xt_operating_environment:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D273B881-FD6C-49AB-BD83-1C12251FAAEC",
            "versionEndExcluding": "5.3.0.0.5.120"
          },
          {
            "criteria": "cpe:2.3:a:dell:unityvsa_operating_environment:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8155312-9B7C-4A0B-A494-3E5D4AE81B40",
            "versionEndExcluding": "5.3.0.0.5.120"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References