Vulnerability Details CVE-2020-12684
XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases
- https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases/changes_20.4
- https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases
- https://www.inetsoftware.de/documentation/clear-reports/release-notes/releases/changes_20.4
Products affected by CVE-2020-12684
-
cpe:2.3:a:inetsoftware:i-net_clear_reports:19.0.287