← Volver a CVEs
CVE-2024-8010
LOW3.5
Descripcion
The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files from the product's file system or access limited HTTP resources reachable via HTTP GET requests to the vulnerable product.
Detalles CVE
Puntuacion CVSS v3.13.5
SeveridadLOW
Vector CVSSCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vector de ataqueADJACENT_NETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado4/16/2026
Ultima modificacion4/17/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-611
Referencias
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3581/(ed10eef1-636d-4fbe-9993-6890dfa878f8)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.