CVE-2023-43067: XEE
First published: Mon Oct 23 2023(Updated: )
Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell Unity Operating Environment | <5.3.0.0.5.120 | |
| Dell Unity Xt Operating Environment | <5.3.0.0.5.120 | |
| Dell Unityvsa Operating Environment | <5.3.0.0.5.120 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Dell Unity vulnerability?
The vulnerability ID for this Dell Unity vulnerability is CVE-2023-43067.
What is the severity of CVE-2023-43067?
CVE-2023-43067 has a severity of 6.5 (medium).
What is the affected software for CVE-2023-43067?
The affected software for CVE-2023-43067 includes Dell Unity Operating Environment, Dell Unity Xt Operating Environment, and Dell Unityvsa Operating Environment.
What is an XML External Entity (XXE) injection vulnerability?
An XML External Entity (XXE) injection vulnerability is a type of attack that allows an attacker to exploit vulnerable XML parsers and gain unauthorized access to sensitive data or systems.
How can an XXE attack exploit CVE-2023-43067?
An XXE attack can exploit CVE-2023-43067 by injecting malicious XML entities that disclose local files in the file system.
- collector/nvd-api
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/dell
- canonical/dell unity operating environment
- canonical/dell unity xt operating environment
- canonical/dell unityvsa operating environment