CNNVD-202508-3167 Information

CNNVD ID

CNNVD-202508-3167

Related CVE

CVE-2023-7307

• CNNVD Published: 2025-08-27

Description (Chinese)

Sangfor Behavior Management System是中国深信服（Sangfor）公司的一款行为管理软件。 Sangfor Behavior Management System存在安全漏洞，该漏洞源于XML解析器配置不当，可能导致内部文件泄露或服务端请求伪造。

Description (English)

Sangfor Behavior Management Systems is a behaviour management software that China believes in. There was a security loophole in Sangfor Behavior Management System, which stemmed from the inappropriate configuration of the XML decipher, which could lead to the disclosure of internal documents or the forgery of service requests.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

深信服

Published

2025-08-27

Last Modified

2026-02-24

References

https://www.vulncheck.com/advisories/sangfor-behavior-management-system-xml-external-entity-injection https://www.sangfor.com/blog/cybersecurity/launching-sangfor-iam-12-0-23-manage-risky-shadow-it-right-way https://www.cnblogs.com/pursue-security/p/17666126.html https://support.sangfor.com.cn/productDocument/read?product_id=22&version_id=329&category_id=261800 https://nvd.nist.gov/vuln/detail/CVE-2023-7307