Unrated severityNVD Advisory· Published Jan 5, 2020· Updated Aug 5, 2024
CVE-2019-20153
CVE-2019-20153
Description
An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.4. An XML external entity (XXE) vulnerability in the upload definition feature in definition_upload_attach.jsp allows authenticated remote attackers to read arbitrary files (including configuration files containing administrative credentials).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Determine/Contract Lifecycle Management (CLM)description
- Range: =5.4
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.