Security Advisory

CVE-2024-6893

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-08-07 23:22:08

Last updated 2024-08-08 13:14:39

Assigner KoreLogic

State PUBLISHED

Description

The "soap_cgi.pyc" API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources.

← Browse all CVEs View on cve.org ↗