CVE-2023-42344
Published: 08 May 2026
Summary
CVE-2023-42344 is a high-severity Improper Restriction of XML External Entity Reference (CWE-611) vulnerability in Watchtowr (inferred from references). Its CVSS base score is 7.3 (High).
Operationally, it is ranked in the top 5.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Alkacon OpenCms versions before 10.5.1 contain an XML external entity (XXE) vulnerability tracked as CWE-611. The flaw resides in the Chemistry servlet and is reachable through the cmis-online/query endpoint, enabling remote attackers to supply crafted XML that triggers external entity processing.
Unauthenticated attackers with network access can exploit the issue without user interaction or credentials. Successful attacks allow limited disclosure of sensitive information along with partial integrity and availability impacts, corresponding to the reported CVSS 7.3 vector.
Public references describe the vulnerability in detail and include detection templates, but the supplied data contains no explicit statements on patches, configuration changes, or other mitigations. The associated EPSS score has remained flat at 0.1610 with no observed upward trajectory after disclosure.
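A defender-side check for the endpoint described above, added here as an example (it is not code from OpenCms or from the detection templates the references mention): it triages captured HTTP requests and flags those that deliver a DTD or external entity declaration to cmis-online/query. The record layout, the "/opencms" path prefix and the sample bodies are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

ENDPOINT = "cmis-online/query"  # path fragment named on this page
DTD_DECL = re.compile(rb"<!(?:DOCTYPE|ENTITY)\b")
EXTERNAL_ID = re.compile(rb"\b(?:SYSTEM|PUBLIC)\s+[\"']")

def normalise(body: bytes) -> bytes:
    """Re-encode BOM-marked UTF-16 bodies as UTF-8 so the byte patterns apply."""
    if body[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return body.decode("utf-16", errors="replace").encode("utf-8")
    return body

def classify(url: str, body: bytes) -> str:
    """Return 'ignore', 'ok', 'dtd' or 'external-entity' for one request."""
    path = unquote(urlsplit(url).path).lower()
    if ENDPOINT not in path:
        return "ignore"          # not the affected endpoint
    data = normalise(body)
    if not DTD_DECL.search(data):
        return "ok"              # plain XML, no document type declaration
    # A DTD alone is unusual here; an external identifier is the CWE-611 signal.
    return "external-entity" if EXTERNAL_ID.search(data) else "dtd"

def triage(records):
    """Return (index, verdict) for requests that carry a DTD to the endpoint."""
    return [(i, v) for i, r in enumerate(records)
            if (v := classify(r["url"], r["body"])) in ("dtd", "external-entity")]

# Constructed sample records (assumed layout: {"url": str, "body": bytes}).
_EXT = '<!DOCTYPE q [<!ENTITY x SYSTEM "file:///placeholder">]><q>&x;</q>'
SAMPLE = [
    {"url": "/opencms/cmis-online/query", "body": b"<q>benign</q>"},
    {"url": "/opencms/cmis-online/query", "body": _EXT.encode("utf-8")},
    {"url": "/opencms/cmis-online/query",
     "body": b'<!DOCTYPE q [<!ENTITY x "inline">]><q>&x;</q>'},
    {"url": "/opencms/cmis-online/query", "body": _EXT.encode("utf-16")},
    {"url": "/index.html", "body": b"<!DOCTYPE html><html></html>"},
]

if __name__ == "__main__":
    for idx, verdict in triage(SAMPLE):
        print(idx, verdict, SAMPLE[idx]["url"])
```

A "dtd" verdict without an external identifier is still worth reviewing, since this endpoint has no evident need for client-supplied document type declarations.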
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-46797
Vulnerability details
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.