Sign-up

ID

VAR-201505-0364


CVE

CVE-2015-2346


TITLE

Huawei SEQ Analyst of XML Vulnerability to read arbitrary files in external entities

Trust: 0.8

sources: JVNDB: JVNDB-2015-002723

DESCRIPTION

XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. Supplementary information : CWE Vulnerability type by CWE-611: Improper Restriction of XML External Entity Reference ('XXE') (XML Inappropriate restrictions on external entity references ) Has been identified. Huawei SEQ Analyst is a set of service quality monitoring and management platform of a single user and multiple suppliers of China Huawei (Huawei). The platform provides functions such as service debugging, user complaint handling, troubleshooting, user experience management and deployment of value-added services

Trust: 1.71

sources: NVD: CVE-2015-2346 // JVNDB: JVNDB-2015-002723 // VULHUB: VHN-80307

AFFECTED PRODUCTS

vendor:huaweimodel:seq analystscope:lteversion:v200r002c03lg0001spc100

Trust: 1.0

vendor:huaweimodel:seq analystscope:ltversion:v200r002c03lg0001cp0022

Trust: 0.8

vendor:huaweimodel:seq analystscope:eqversion:v200r002c03lg0001spc100

Trust: 0.6

sources: JVNDB: JVNDB-2015-002723 // CNNVD: CNNVD-201505-309 // NVD: CVE-2015-2346

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-2346
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-2346
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201505-309
value: MEDIUM

Trust: 0.6

VULHUB: VHN-80307
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-2346
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-80307
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-80307 // JVNDB: JVNDB-2015-002723 // CNNVD: CNNVD-201505-309 // NVD: CVE-2015-2346

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2015-002723 // NVD: CVE-2015-2346

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-309

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002723

PATCH
title:Security Notice - Statement about Two Vulnerabilities in SEQ Analyst Producturl:http://www.huawei.com/en/security/psirt/security-bulletins/security-notices/hw-424267.htm
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-002723

EXTERNAL IDS
db:NVDid:CVE-2015-2346
Trust: 2.5
db:PACKETSTORMid:131459
Trust: 1.1
db:JVNDBid:JVNDB-2015-002723
Trust: 0.8
db:CNNVDid:CNNVD-201505-309
Trust: 0.7
db:VULHUBid:VHN-80307
Trust: 0.1
sources:
            
            
            VULHUB: VHN-80307 // 
            
            
            
            JVNDB: JVNDB-2015-002723 // 
            
            
            
            CNNVD: CNNVD-201505-309 // 
            
            
            
            NVD: CVE-2015-2346

REFERENCES
url:http://seclists.org/fulldisclosure/2015/apr/42
Trust: 2.5
url:http://packetstormsecurity.com/files/131459/huawei-seq-analyst-xxe-injection.html
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2346
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2346
Trust: 0.8
sources:
            
            
            VULHUB: VHN-80307 // 
            
            
            
            JVNDB: JVNDB-2015-002723 // 
            
            
            
            CNNVD: CNNVD-201505-309 // 
            
            
            
            NVD: CVE-2015-2346

SOURCES
db:VULHUBid:VHN-80307
db:JVNDBid:JVNDB-2015-002723
db:CNNVDid:CNNVD-201505-309
db:NVDid:CVE-2015-2346

LAST UPDATE DATE
2025-04-13T23:25:14.223000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-80307date:2016-12-03T00:00:00
db:JVNDBid:JVNDB-2015-002723date:2015-05-20T00:00:00
db:CNNVDid:CNNVD-201505-309date:2015-05-19T00:00:00
db:NVDid:CVE-2015-2346date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-80307date:2015-05-18T00:00:00
db:JVNDBid:JVNDB-2015-002723date:2015-05-20T00:00:00
db:CNNVDid:CNNVD-201505-309date:2015-05-19T00:00:00
db:NVDid:CVE-2015-2346date:2015-05-18T15:59:06.777