This vulnerability allows remote malicious users to disclose sensitive information on affected installations of NI DIAdem. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of GPX files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
ni topografix data plugin 2023 |
||
ni diadem 2015 |
||
ni diadem 2014 |
||
ni diadem 2019 |
||
ni diadem 2018 |
||
ni diadem 2017 |
||
ni diadem 2020 |
||
ni diadem 2021 |
||
ni diadem 2022 |
||
ni diadem 2023 |
||
ni veristand 2017 |
||
ni veristand 2016 |
||
ni veristand 2014 |
||
ni veristand 2015 |
||
ni veristand 2013 |
||
ni veristand 2018 |
||
ni veristand 2019 |
||
ni veristand 2020 |
||
ni veristand 2021 |
||
ni veristand 2023 |
||
ni flexlogger 2021 |
||
ni flexlogger 2018 |
||
ni flexlogger 2019 |
||
ni flexlogger 2020 |
||
ni flexlogger 2022 |
||
ni flexlogger 2023 |
Vulmon