A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation can lead to xml external entity reference.
The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is considered difficult.
The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Attack Parameters
Attack Vector
Network
Атака возможна удалённо
Attack Complexity
High
Сложно эксплуатировать
Attack Requirements
None
Нет дополнительных условий
Privileges Required
Low
Нужны базовые права
User Interaction
None
Не нужно действие пользователя
Impact Assessment
Confidentiality
Low
Частичная утечка данных
Integrity
Low
Частичная модификация данных
Availability
Low
Частичное нарушение работы
CVSS Vector v4.0