|CVSS SCORE||4.0, (AV:N/AC:L/Au:S/C:P/I:N/A:N)|
The specific flaw exists within TreeUserControl_process_tree_event.aspx. This page exhibits an XML external entity injection vulnerability. An attacker can leverage this vulnerability to disclose sensitive information under the context of NETWORKSERVICE.
Trend Micro has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Steven Seeley of Source Incite