CVE-2023-42344
Alkacon OpenCms XXE Vulnerability Exposes Sensitive Data
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| alkacon | opencms | before 10.5.1 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-611 | The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Alkacon OpenCms versions before 10.5.1. It allows remote unauthenticated attackers to obtain sensitive information by exploiting an XML External Entity (XXE) attack through the cmis-online/query feature on a Chemistry servlet.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability in Alkacon OpenCms before version 10.5.1 can be mitigated by upgrading to OpenCms version 10.5.1 or later, where the issue has been patched.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized disclosure of sensitive information to remote attackers without requiring authentication. This could compromise confidential data managed by the affected system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows remote unauthenticated attackers to obtain sensitive information via an XXE attack, which could lead to unauthorized access to confidential data.
Such unauthorized disclosure of sensitive information may impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.
However, specific impacts on compliance or regulatory requirements are not detailed in the provided information.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a specially crafted POST request to the vulnerable endpoint `/opencms/cmisatom/cmis-online/query` that includes a malicious XML payload exploiting the XXE flaw.
A common detection method involves sending an XML payload designed to read sensitive files such as `/etc/passwd`. If the response contains typical content from this file, such as the string "root:x:", it confirms the presence of the vulnerability.
For example, using a tool like curl, you can send a POST request with an XML body to test for the vulnerability:
- `curl -X POST https://targetsite/opencms/cmisatom/cmis-online/query -H "Content-Type: application/xml" --data-binary @payload.xml`
Here, `payload.xml` contains the malicious XML designed to trigger the XXE and extract `/etc/passwd`.
Alternatively, automated scanners like Nuclei have templates specifically for CVE-2023-42344 that perform this check by sending the crafted payload and looking for the "root:x:" string in the response.
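A passive check that complements the active probe described above, as an added example (not code from this advisory or from the OpenCms project): it scans web server access logs for POSTs to the CMIS query endpoint and flags captured request bodies that declare a DTD. The Combined Log Format, the sample log lines and the sample bodies are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Endpoint named on this page; matched as a suffix because the servlet
# context prefix (/opencms here) varies between installations.
CMIS_QUERY_SUFFIX = "/cmisatom/cmis-online/query"

# Combined Log Format is an assumption; adapt the pattern to your server.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# A DTD or entity declaration is what an XXE request (CWE-611) must carry.
DTD_RE = re.compile(rb"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)

# Constructed sample data, not taken from a real system.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/May/2026:10:00:01 +0000] "GET /opencms/index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [08/May/2026:10:00:05 +0000] "POST /opencms/cmisatom/cmis-online/query HTTP/1.1" 200 1843',
    '192.0.2.10 - - [08/May/2026:10:00:09 +0000] "GET /opencms/cmisatom/cmis-online/query HTTP/1.1" 405 0',
]
SAMPLE_BODIES = {
    "plain": b'<?xml version="1.0"?><query><statement>SELECT * FROM cmis:document</statement></query>',
    "with_dtd": b'<?xml version="1.0"?><!DOCTYPE query [<!ENTITY e "constructed">]><query/>',
}


def cmis_query_posts(lines):
    """Return access-log entries that are POSTs to the CMIS query endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Decode percent-escapes and normalise case before comparing paths.
        path = unquote(urlsplit(m["target"]).path).rstrip("/").lower()
        if path.endswith(CMIS_QUERY_SUFFIX):
            hits.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"])})
    return hits


def body_declares_dtd(body: bytes) -> bool:
    """True if a captured request body (WAF or proxy capture) declares a DTD."""
    # Drop NUL bytes so UTF-16 encoded XML still matches the ASCII pattern.
    return bool(DTD_RE.search(body.replace(b"\x00", b"")))


if __name__ == "__main__":
    for hit in cmis_query_posts(SAMPLE_LOG):
        print("review:", hit)
    for name, body in SAMPLE_BODIES.items():
        print(name, "declares DTD:", body_declares_dtd(body))
```

POSTs to this endpoint can be ordinary CMIS queries, so treat log hits as leads to review and a DTD in the request body as the stronger signal.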