CVE-2023-28008: HCL Workload Automation is vulnerable to XML External Entity (XXE) Injection
First published: Wed Apr 26 2023(Updated: )
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Credit: psirt@hcl.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hcltech Workload Automation | =9.4.0 | |
| Hcltech Workload Automation | =9.4.0-fix_pack_3 | |
| Hcltech Workload Automation | =9.4.0-fix_pack_4 | |
| Hcltech Workload Automation | =9.4.0-fix_pack_5 | |
| Hcltech Workload Automation | =9.4.0-fix_pack_6 | |
| Hcltech Workload Automation | =9.4.0-fix_pack_7 | |
| Hcltech Workload Automation | =9.5.0 | |
| Hcltech Workload Automation | =9.5.0-fix_pack_1 | |
| Hcltech Workload Automation | =9.5.0-fix_pack_2 | |
| Hcltech Workload Automation | =9.5.0-fix_pack_3 | |
| Hcltech Workload Automation | =9.5.0-fix_pack_4 | |
| Hcltech Workload Automation | =9.5.0-fix_pack_5 | |
| Hcltech Workload Automation | =9.5.0-fix_pack_6 | |
| Hcltech Workload Automation | =10.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-28008?
CVE-2023-28008 is a vulnerability in HCL Workload Automation 9.4, 9.5, and 10.1 that allows for XML External Entity Injection (XXE) attacks.
What is the severity of CVE-2023-28008?
CVE-2023-28008 has a severity rating of 8.1 (High).
How can a remote attacker exploit the CVE-2023-28008 vulnerability?
A remote attacker can exploit the CVE-2023-28008 vulnerability by sending specially crafted XML data to the affected HCL Workload Automation instances, leading to XML External Entity Injection (XXE) attacks.
Which versions of HCL Workload Automation are affected by CVE-2023-28008?
HCL Workload Automation versions 9.4, 9.5, and 10.1 are affected by CVE-2023-28008.
How can I fix the CVE-2023-28008 vulnerability?
To fix the CVE-2023-28008 vulnerability, it is recommended to apply the necessary security patches or updates provided by HCL Technologies.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/title
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/hcltech
- canonical/hcltech workload automation
- version/hcltech workload automation/9.4.0
- version/hcltech workload automation/9.4.0-fix_pack_3
- version/hcltech workload automation/9.4.0-fix_pack_4
- version/hcltech workload automation/9.4.0-fix_pack_5
- version/hcltech workload automation/9.4.0-fix_pack_6
- version/hcltech workload automation/9.4.0-fix_pack_7
- version/hcltech workload automation/9.5.0
- version/hcltech workload automation/9.5.0-fix_pack_1
- version/hcltech workload automation/9.5.0-fix_pack_2
- version/hcltech workload automation/9.5.0-fix_pack_3
- version/hcltech workload automation/9.5.0-fix_pack_4
- version/hcltech workload automation/9.5.0-fix_pack_5
- version/hcltech workload automation/9.5.0-fix_pack_6
- version/hcltech workload automation/10.1.0