Vulnerability Details CVE-2016-5795
An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 77.8%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 7.5
References
Products affected by CVE-2016-5795
-
cpe:2.3:a:automatedlogic:i-vu:5.2
-
cpe:2.3:a:automatedlogic:i-vu:5.5
-
cpe:2.3:a:automatedlogic:i-vu:6.0
-
cpe:2.3:a:automatedlogic:i-vu:6.5
-
cpe:2.3:a:automatedlogic:sitescan_web:5.2
-
cpe:2.3:a:automatedlogic:sitescan_web:5.5
-
cpe:2.3:a:automatedlogic:sitescan_web:6.1
-
cpe:2.3:a:automatedlogic:sitescan_web:6.5
-
cpe:2.3:a:carrier:automatedlogic_webctrl:5.2
-
cpe:2.3:a:carrier:automatedlogic_webctrl:5.5
-
cpe:2.3:a:carrier:automatedlogic_webctrl:6.0
-
cpe:2.3:a:carrier:automatedlogic_webctrl:6.1
-
cpe:2.3:a:carrier:automatedlogic_webctrl:6.5