HIGH🇬🇧 English

CVE-2026-4374

CVSS 8.8v4.0pub. 2026-04-01upd. 2026-04-21

Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Routing Service,Observability Collector,Recording Service,Queueing Service,Cloud Discovery Service) allows Serialized Data External Linking, Data Serializat...

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Rti Connext Professional

    APP
    Rti
    5.3.0 – 5.3.1.456.0.0 – 6.0.1.406.1.0 – 6.1.2.277.0.0 – 7.3.1.1 (bez)7.4.0 – 7.7.0 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XXE
CWE
Referencje

Powiązane podatności

CVE-2024-52057CRITICAL9.1PL ✓ten sam produkt

SQL Injection w RTI Connext Professional (Queuing Service)

CVE-2025-14543HIGH8.8ten sam produkt

Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) a...

CVE-2025-10450HIGH8.3ten sam produkt

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in RTI Connext Professional (C...

CVE-2025-1255HIGH8.3ten sam produkt

Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipu...

CVE-2025-4993HIGH8.3ten sam produkt

Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipu...