NEC.ExpressCluster.ApplyConfig.XML.XXE

description-logoDescription

This indicates an attack attempt to exploit an Input Validation Error Vulnerability in NEC EXPRESSCLUSTER X.
The vulnerability is due to insufficient handling of XML external entities in requests processed by clpwebmc.exe. A remote unauthenticated attacker could exploit this vulnerability by sending crafted requests to the target server. Successful exploitation could result in disclosing sensitive information in the context of SYSTEM.

affected-products-logoAffected Products

NEC EXPRESSCLUSTER X 4.1
NEC EXPRESSCLUSTER X 4.2

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.support.nec.co.jp/en/View.aspx?id=9510100319

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-12-02 16.972 Default_action:pass:drop
2020-10-01 16.936