|CVSS SCORE||4.0, (AV:N/AC:L/Au:S/C:P/I:N/A:N)|
The specific flaw exists within ProductTree_TreeManagement1.aspx. This page exhibits an XML external entity injection vulnerability. An attacker can leverage this vulnerability to disclose sensitive information under the context of NETWORKSERVICE.
Trend Micro has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Steven Seeley of Source Incite