CNNVD-202507-2876 Information
CNNVD ID
CNNVD-202507-2876
Related CVE
- CNNVD Published: 2025-07-22
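Description (translated from Chinese)
ETQ Reliance CG is a quality management system from the US company ETQ. ETQ Reliance CG contains a security vulnerability that stems from the /resources/sessions/sso endpoint not disabling external entity resolution, which may lead to an XML external entity injection attack.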
Description (English)
ETQ Reliance CG is a quality management system made by ETQ, a company based in the United States. ETQ Reliance CG has a security vulnerability: the /resources/sessions/sso endpoint does not disable the resolution of external entities, which could allow an XML external entity (XXE) injection attack.
Hazard Level
High
Vulnerability Type
Code issue
Affected Vendor
ETQ
Published
2025-07-22
Last Modified
2026-02-24
References
https://www.etq.com/product-overview/
https://www.etq.com/blog/etq-reliance-security-update/
https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/
https://access.redhat.com/security/cve/cve-2025-34142
https://nvd.nist.gov/vuln/detail/CVE-2025-34142
Patch
https://www.etq.com/blog/etq-reliance-security-update/