{ "id": "CVE-2023-28008", "sourceIdentifier": "psirt@hcl.com", "published": "2023-04-26T20:15:10.000", "lastModified": "2023-05-05T20:28:08.970", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.\n" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 5.2 }, { "source": "psirt@hcl.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH" }, "exploitabilityScore": 2.8, "impactScore": 4.2 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-611" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:hcltech:workload_automation:9.4.0:-:*:*:*:*:*:*", "matchCriteriaId": "CA6DCFCA-DADD-4C0A-83C0-EF04662D3336" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hcltech:workload_automation:9.4.0:fix_pack_3:*:*:*:*:*:*", "matchCriteriaId": "920EC080-63D0-4280-8553-9D94E6109864" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hcltech:workload_automation:9.4.0:fix_pack_4:*:*:*:*:*:*", "matchCriteriaId": "FF9AA9A1-7D68-469D-BD78-3A89660E4670" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hcltech:workload_automation:9.4.0:fix_pack_5:*:*:*:*:*:*", "matchCriteriaId": "BEE9D4C8-988A-49DA-BA64-BE30FBF792B7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hcltech:workload_automation:9.4.0:fix_pack_6:*:*:*:*:*:*", "matchCriteriaId": "8B7A9E28-F984-4319-8FF9-9FC05956BF56" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hcltech:workload_automation:9.4.0:fix_pack_7:*:*:*:*:*:*", "matchCriteriaId": "7D6D1F27-AFB0-41D3-B7B3-2CBEA1BA2F51" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hcltech:workload_automation:9.5.0:-:*:*:*:*:*:*", "matchCriteriaId": "A8C0B3D9-9382-4184-830A-6CBFD65A6607" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hcltech:workload_automation:9.5.0:fix_pack_1:*:*:*:*:*:*", "matchCriteriaId": "A5537FD3-5D22-493F-93CD-03D363F7ECE6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hcltech:workload_automation:9.5.0:fix_pack_2:*:*:*:*:*:*", "matchCriteriaId": "DE0E395E-4C04-4D25-8A91-6A6570060C39" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hcltech:workload_automation:9.5.0:fix_pack_3:*:*:*:*:*:*", "matchCriteriaId": "6D9EEC0B-7AA6-4CAB-BF48-70227724E3AB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hcltech:workload_automation:9.5.0:fix_pack_4:*:*:*:*:*:*", "matchCriteriaId": "00D7C273-9FCB-4AE3-BF02-51DC2B57A460" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hcltech:workload_automation:9.5.0:fix_pack_5:*:*:*:*:*:*", "matchCriteriaId": "560A2BF4-AE58-4847-B2C0-47A9CC79D760" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hcltech:workload_automation:9.5.0:fix_pack_6:*:*:*:*:*:*", "matchCriteriaId": "5F3BA39B-8216-47D7-873E-55DD1F681360" }, { "vulnerable": true, "criteria": "cpe:2.3:a:hcltech:workload_automation:10.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "8027DF38-47A2-49E7-AEEB-35BFA0759B74" } ] } ] } ], "references": [ { "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0104371", "source": "psirt@hcl.com", "tags": [ "Vendor Advisory" ] } ] }