XML External Entity (XXE) Vulnerability in Determine Contract Lifecycle Management (CLM) v5.4 Allows Unauthorized File Reading

XML External Entity (XXE) Vulnerability in Determine Contract Lifecycle Management (CLM) v5.4 Allows Unauthorized File Reading

CVE-2019-20153 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.4. An XML external entity (XXE) vulnerability in the upload definition feature in definition_upload_attach.jsp allows authenticated remote attackers to read arbitrary files (including configuration files containing administrative credentials).

Learn more about our External Network Penetration Testing.