An issue exists in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.4. An XML external entity (XXE) vulnerability in the upload definition feature in definition_upload_attach.jsp allows authenticated remote malicious users to read arbitrary files (including configuration files containing administrative credentials).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
determine contract lifecycle management 5.4 |