Vulnerability-Lookup

CVE-2015-2346 (GCVE-0-2015-2346)

Vulnerability from cvelistv5 – Published: 2015-05-18 15:00 – Updated: 2024-08-06 05:10

Summary

XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

FKIE_CVE-2015-2346

Vulnerability from fkie_nvd - Published: 2015-05-18 15:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/131459/Huawei-SEQ-Analyst-XXE-Injection.html
cve@mitre.org	http://seclists.org/fulldisclosure/2015/Apr/42	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/131459/Huawei-SEQ-Analyst-XXE-Injection.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2015/Apr/42	Exploit

Impacted products

	Vendor	Product	Version
	huawei	seq_analyst	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:huawei:seq_analyst:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "948B29F2-4BDA-42BB-97DC-BB3E88CB72EE",
              "versionEndIncluding": "v200r002c03lg0001spc100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XML External Entity (XXE) en Huawei SEQ Analyst en versiones anteriores aV200R002C03LG0001CP0022 permite a usuarios remotos autenticados leer archivos arbitrarios a trav\u00e9s del par\u00e1metro req."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/611.html\"\u003eCWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027)\u003c/a\u003e",
  "id": "CVE-2015-2346",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-05-18T15:59:06.777",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/131459/Huawei-SEQ-Analyst-XXE-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Apr/42"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/131459/Huawei-SEQ-Analyst-XXE-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Apr/42"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201505-0364

Vulnerability from variot - Updated: 2025-04-13 23:25

XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. Supplementary information : CWE Vulnerability type by CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (XML Inappropriate restrictions on external entity references ) Has been identified. Huawei SEQ Analyst is a set of service quality monitoring and management platform of a single user and multiple suppliers of China Huawei (Huawei). The platform provides functions such as service debugging, user complaint handling, troubleshooting, user experience management and deployment of value-added services

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201505-0364",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "seq analyst",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "huawei",
        "version": "v200r002c03lg0001spc100"
      },
      {
        "model": "seq analyst",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "huawei",
        "version": "v200r002c03lg0001cp0022"
      },
      {
        "model": "seq analyst",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "huawei",
        "version": "v200r002c03lg0001spc100"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2346"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:huawei:seq_analyst",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002723"
      }
    ]
  },
  "cve": "CVE-2015-2346",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2015-2346",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-80307",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-2346",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-2346",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201505-309",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-80307",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2346"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. Supplementary information : CWE Vulnerability type by CWE-611: Improper Restriction of XML External Entity Reference (\u0027XXE\u0027) (XML Inappropriate restrictions on external entity references ) Has been identified. Huawei SEQ Analyst is a set of service quality monitoring and management platform of a single user and multiple suppliers of China Huawei (Huawei). The platform provides functions such as service debugging, user complaint handling, troubleshooting, user experience management and deployment of value-added services",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2346"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002723"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80307"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-2346",
        "trust": 2.5
      },
      {
        "db": "PACKETSTORM",
        "id": "131459",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002723",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-309",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-80307",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2346"
      }
    ]
  },
  "id": "VAR-201505-0364",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80307"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-13T23:25:14.223000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Notice - Statement about Two Vulnerabilities in SEQ Analyst Product",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-424267.htm"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002723"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002723"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2346"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2015/apr/42"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/131459/huawei-seq-analyst-xxe-injection.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2346"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2346"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2346"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-80307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-309"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2346"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80307"
      },
      {
        "date": "2015-05-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002723"
      },
      {
        "date": "2015-05-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-309"
      },
      {
        "date": "2015-05-18T15:59:06.777000",
        "db": "NVD",
        "id": "CVE-2015-2346"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80307"
      },
      {
        "date": "2015-05-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-002723"
      },
      {
        "date": "2015-05-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201505-309"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2015-2346"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201505-309"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Huawei SEQ Analyst of  XML Vulnerability to read arbitrary files in external entities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-002723"
      }
    ],
    "trust": 0.8
  }
}

GSD-2015-2346

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter.

Aliases

CVE-2015-2346

Aliases

CVE-2015-2346

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-2346",
    "description": "XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter.",
    "id": "GSD-2015-2346",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2015-2346"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-2346"
      ],
      "details": "XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter.",
      "id": "GSD-2015-2346",
      "modified": "2023-12-13T01:20:00.734954Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-2346",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20150415 Huawei SEQ Analyst - XML External Entity Injection (XXE)",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2015/Apr/42"
          },
          {
            "name": "http://packetstormsecurity.com/files/131459/Huawei-SEQ-Analyst-XXE-Injection.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/131459/Huawei-SEQ-Analyst-XXE-Injection.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:huawei:seq_analyst:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "v200r002c03lg0001spc100",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2346"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150415 Huawei SEQ Analyst - XML External Entity Injection (XXE)",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Apr/42"
            },
            {
              "name": "http://packetstormsecurity.com/files/131459/Huawei-SEQ-Analyst-XXE-Injection.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/131459/Huawei-SEQ-Analyst-XXE-Injection.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-12-03T03:05Z",
      "publishedDate": "2015-05-18T15:59Z"
    }
  }
}

CNVD-2015-03219

Vulnerability from cnvd - Published: 2015-05-20

Title

Huawei SEQ Analyst XML外部实体漏洞

Description

Huawei SEQ Analyst是中国华为（Huawei）公司的一套业务质量监测和管理单个用户和多个供应商之间关系的平台。该平台提供服务调试、用户投诉处理、故障排除、用户体验管理和增值服务的部署等功能。 Huawei SEQ Analyst V200R002C03LG0001CP0022之前版本存在XML外部实体漏洞。远程攻击者可通过'req'参数利用该漏洞读取任意文件。

Severity

中

Patch Name

Huawei SEQ Analyst XML外部实体漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： http://download.huawei.com/download/filedownload.do?modelID=bulletin&refID=IN0000056669,101

Reference

http://seclists.org/fulldisclosure/2015/Apr/42

Impacted products

Name
Huawei SEQ Analyst <V200R002C03LG0001CP0022

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-2346"
    }
  },
  "description": "Huawei SEQ Analyst\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e1a\u52a1\u8d28\u91cf\u76d1\u6d4b\u548c\u7ba1\u7406\u5355\u4e2a\u7528\u6237\u548c\u591a\u4e2a\u4f9b\u5e94\u5546\u4e4b\u95f4\u5173\u7cfb\u7684\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u63d0\u4f9b\u670d\u52a1\u8c03\u8bd5\u3001\u7528\u6237\u6295\u8bc9\u5904\u7406\u3001\u6545\u969c\u6392\u9664\u3001\u7528\u6237\u4f53\u9a8c\u7ba1\u7406\u548c\u589e\u503c\u670d\u52a1\u7684\u90e8\u7f72\u7b49\u529f\u80fd\u3002\r\n\r\nHuawei SEQ Analyst V200R002C03LG0001CP0022\u4e4b\u524d\u7248\u672c\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u0027req\u0027\u53c2\u6570\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002",
  "discovererName": "Ugur Cihan Koc",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://download.huawei.com/download/filedownload.do?modelID=bulletin\u0026refID=IN0000056669,101",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03219",
  "openTime": "2015-05-20",
  "patchDescription": "Huawei SEQ Analyst\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e1a\u52a1\u8d28\u91cf\u76d1\u6d4b\u548c\u7ba1\u7406\u5355\u4e2a\u7528\u6237\u548c\u591a\u4e2a\u4f9b\u5e94\u5546\u4e4b\u95f4\u5173\u7cfb\u7684\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u63d0\u4f9b\u670d\u52a1\u8c03\u8bd5\u3001\u7528\u6237\u6295\u8bc9\u5904\u7406\u3001\u6545\u969c\u6392\u9664\u3001\u7528\u6237\u4f53\u9a8c\u7ba1\u7406\u548c\u589e\u503c\u670d\u52a1\u7684\u90e8\u7f72\u7b49\u529f\u80fd\u3002 \r\n\r\nHuawei SEQ Analyst V200R002C03LG0001CP0022\u4e4b\u524d\u7248\u672c\u5b58\u5728XML\u5916\u90e8\u5b9e\u4f53\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u0027req\u0027\u53c2\u6570\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Huawei SEQ Analyst XML\u5916\u90e8\u5b9e\u4f53\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Huawei SEQ Analyst \u003cV200R002C03LG0001CP0022"
  },
  "referenceLink": "http://seclists.org/fulldisclosure/2015/Apr/42",
  "serverity": "\u4e2d",
  "submitTime": "2015-05-19",
  "title": "Huawei SEQ Analyst XML\u5916\u90e8\u5b9e\u4f53\u6f0f\u6d1e"
}

GHSA-MX8C-VX98-66GQ

Vulnerability from github – Published: 2022-05-17 03:33 – Updated: 2022-05-17 03:33

Details

XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-2346"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-05-18T15:59:00Z",
    "severity": "MODERATE"
  },
  "details": "XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter.",
  "id": "GHSA-mx8c-vx98-66gq",
  "modified": "2022-05-17T03:33:57Z",
  "published": "2022-05-17T03:33:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2346"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/131459/Huawei-SEQ-Analyst-XXE-Injection.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2015/Apr/42"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-2346 (GCVE-0-2015-2346)

FKIE_CVE-2015-2346

VAR-201505-0364

GSD-2015-2346

CNVD-2015-03219

GHSA-MX8C-VX98-66GQ

Tags

Sightings

Nomenclature