CVE-2023-2806

High PUBLISHED

Weaver e-cology API RequestInfoByXml xml external entity reference

Weaver · e-cology

Not yet in CISA KEV

Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
High
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
5.5 Medium

At a Glance

A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. In Weaver e-cology bis 9.0 wurde eine problematische Schwachstelle entdeckt. Das betrifft die Funktion RequestInfoByXml der Komponente API. Mittels Manipulieren mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden.

CVE Published
May 19, 2023
Exploitation Reported
May 19, 2023
CVSS
5.5 Medium
EPSS
Low complexity No user interaction

Affected Versions

Vendor Product Version Status
Weaver
e-cology

9.0

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.