Openbravo Erp
CVE-2013-3617
LOW
Severity by source
AV:N/AC:M/Au:S/C:P/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:S/C:P/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue.
AnalysisAI
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 56.7%.
Technical ContextAI
This vulnerability is classified under CWE-264. The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue. Affected products include: Openbravo Openbravo Erp.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Openbravo Erp
View allOpenbravo ERP before 3.0PR19Q1.3 is affected by Directory Traversal. Rated medium severity (CVSS 5.4), this vulnerabilit
Openbravo Business Suite 3.0 is affected by SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotel
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today