DataSpider Servista XML External Entity Reference Vulnerability Allowing Arbitrary File Read or Denial-of-Service

Vulnerability

DataSpider Servista versions through 4.4 do not properly restrict XML external entity (XXE) references. This issue can be exploited to read arbitrary files from the file system where the server application is installed, or to cause a denial-of-service condition.

Impact

Exploitation of this vulnerability could lead to unauthorized reading of files on the server's file system or cause a denial-of-service condition.

Remediation

Users are advised to update DataSpider Servista to version 4.5, which addresses this vulnerability.

Added: Sep 29, 2025, 8:17 AM
Updated: Sep 29, 2025, 8:17 AM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 5.0
exploitability: 7.0
remediation: 7.7
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.