High severity8.0NVD Advisory· Published Apr 16, 2018· Updated Jun 17, 2026
CVE-2017-6323
CVE-2017-6323
Description
The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
Affected products
1- Symantec Corporation/ITMSv5Range: Prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6 & ITMS 7.6_POST_HF7
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/98621nvdThird Party AdvisoryVDB Entry
- www.symantec.com/security_response/securityupdates/detail.jspnvdVendor Advisory
News mentions
0No linked articles in our index yet.