CVE-2025-34142— ETQ Reliance CG < SE.2025.1 / < 2025.1.2 XXE Injection in SSO SAML Handler

ETQ Reliance CG < SE.2025.1 / < 2025.1.2 XXE Injection in SSO SAML Handler

An XML External Entity (XXE) injection vulnerability exists in ETQ Reliance on the CG (legacy) platform within the `/resources/sessions/sso` endpoint. The SAML authentication handler processes XML input without disabling external entity resolution, allowing crafted SAML responses to invoke external entity references. This could enable attackers to retrieve sensitive files or perform server-side request forgery (SSRF). The issue was addressed by disabling external entity processing for the affected XML parser in versions SE.2025.1 and 2025.1.2.

N/A

XML外部实体引用的不恰当限制(XXE)

ETQ Reliance CG 代码问题漏洞

ETQ Reliance CG是美国ETQ公司的一款质量管理系统。 ETQ Reliance CG存在安全漏洞，该漏洞源于/resources/sessions/sso端点未禁用外部实体解析，可能导致XML外部实体注入攻击。

N/A

N/A