ID CVE-2020-27197
Summary ** DISPUTED ** TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library" and that this may be an issue to "raise ... to the lxml group."
References
Vulnerable Configurations
  • cpe:2.3:a:eclecticiq:opentaxii:0.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:eclecticiq:opentaxii:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:eclecticiq:opentaxii:0.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:eclecticiq:opentaxii:0.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:eclecticiq:opentaxii:0.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:eclecticiq:opentaxii:0.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:eclecticiq:opentaxii:0.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:eclecticiq:opentaxii:0.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:eclecticiq:opentaxii:0.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:eclecticiq:opentaxii:0.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:eclecticiq:opentaxii:0.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:eclecticiq:opentaxii:0.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:eclecticiq:opentaxii:0.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:eclecticiq:opentaxii:0.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:eclecticiq:opentaxii:0.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:eclecticiq:opentaxii:0.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:eclecticiq:opentaxii:0.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:eclecticiq:opentaxii:0.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:eclecticiq:opentaxii:0.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:eclecticiq:opentaxii:0.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:eclecticiq:opentaxii:0.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:eclecticiq:opentaxii:0.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:eclecticiq:opentaxii:0.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:eclecticiq:opentaxii:0.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:eclecticiq:opentaxii:0.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:eclecticiq:opentaxii:0.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:eclecticiq:opentaxii:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:eclecticiq:opentaxii:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.0.090:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.0.090:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.0.100:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.0.100:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.0.101:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.0.101:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.0.102:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.0.102:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.0.103:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.0.103:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.0.104:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.0.104:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.0.105:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.0.105:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.0.106:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.0.106:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.0.107:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.0.107:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.1.100:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.1.100:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.1.101:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.1.101:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.1.102:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.1.102:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.1.103:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.1.103:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.1.104:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.1.104:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.1.105:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.1.105:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.1.106:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.1.106:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.1.107:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.1.107:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.1.108:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.1.108:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.1.109:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.1.109:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.1.110:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.1.110:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.1.111:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.1.111:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.1.112:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.1.112:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.1.113:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.1.113:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.1.114:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.1.114:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.1.115:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.1.115:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.1.116:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.1.116:*:*:*:*:*:*:*
  • cpe:2.3:a:libtaxii_project:libtaxii:1.1.117:*:*:*:*:*:*:*
    cpe:2.3:a:libtaxii_project:libtaxii:1.1.117:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 27-10-2020 - 19:51)
Impact:
Exploitability:
CWE CWE-918
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
misc
Last major update 27-10-2020 - 19:51
Published 17-10-2020 - 20:15
Last modified 27-10-2020 - 19:51
Back to Top