Is CVE-2015-0923 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ektron Ektron_content_management_system

CVE-2015-0923

The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunc…

EPSS: 0.778 (99.0th percentile) — read the EPSS interpretation.

Affected products

Ektron Ektron_content_management_system — versions 8.5.0, 8.7.0, 8.9.0
N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

VU#377644 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)

Frequently asked questions

What is CVE-2015-0923?: CVE-2015-0923 is a vulnerability in Ektron Ektron_content_management_system. Published 2015-02-14.
Is CVE-2015-0923 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.