Vulnerability in Openbravo Openbravo_erp

CVE-2013-3617

The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal…

EPSS: 0.567 (98.2th percentile)

References

  • cret@cert.org (x_refsource_MISC)
  • VU#533894 (x_refsource_CERT-VN, US Government Resource, Exploit, third-party-advisory)
  • 63431 (Exploit, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2013-3617?
CVE-2013-3617 is a vulnerability in Openbravo Openbravo_erp, classified under CWE-264. Published 2013-11-02.
Is CVE-2013-3617 known to be exploited?
1 public proof-of-concept repository is indexed. It is not currently listed in the CISA KEV catalog.