VDB
CVE-2015-0923
CVE-2015-0923
PUBLISHED
CVSS 5 MEDIUM
The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue.
EPSS 77.78% · 99.0th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
77.78%
99.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ektron | ektron_content_management_system | 8.5.0, 8.7.0, 8.7.0 |
| n/a | n/a | n/a |
Timeline
- Feb 14, 2015 CVE Published
- Mar 4, 2017 PoC Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Jun 19, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Feb 6, 2025 PoC Published
- Feb 23, 2025 PoC Published
- Mar 17, 2025 EPSS Score
- Mar 19, 2025 EPSS Score
- Mar 21, 2025 EPSS Score
References
- VU#377644 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2015-0923 advisory