CVE-2023-35815

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-35815
DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data.

3.5 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://code-white.com/public-vulnerability-list/ Vendor Advisory
https://supportcenter.devexpress.com/ticket/details/t1141947/data-source-protection-bypass-during-xml-deserialization Permissions Required
https://supportcenter.devexpress.com/ticket/details/t1159142/web-reporting-data-source-protection-bypassed-during-xml-deserialization Permissions Required
https://supportcenter.devexpress.com/ticket/details/t394936/devexpress-security-advisory-updated-on-april-27-2023 Permissions Required
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:devexpress:devexpress:*:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:devexpress:22.1.8:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:devexpress:22.2.4:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:devexpress:22.2.5:*:*:*:*:*:*:*
History

05 Jun 2025, 14:29

Type Values Removed Values Added
References () https://code-white.com/public-vulnerability-list/ - () https://code-white.com/public-vulnerability-list/ - Vendor Advisory
References () https://supportcenter.devexpress.com/ticket/details/t1141947/data-source-protection-bypass-during-xml-deserialization - () https://supportcenter.devexpress.com/ticket/details/t1141947/data-source-protection-bypass-during-xml-deserialization - Permissions Required
References () https://supportcenter.devexpress.com/ticket/details/t1159142/web-reporting-data-source-protection-bypassed-during-xml-deserialization - () https://supportcenter.devexpress.com/ticket/details/t1159142/web-reporting-data-source-protection-bypassed-during-xml-deserialization - Permissions Required
References () https://supportcenter.devexpress.com/ticket/details/t394936/devexpress-security-advisory-updated-on-april-27-2023 - () https://supportcenter.devexpress.com/ticket/details/t394936/devexpress-security-advisory-updated-on-april-27-2023 - Permissions Required
CPE cpe:2.3:a:devexpress:devexpress:22.2.5:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:devexpress:*:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:devexpress:22.1.8:*:*:*:*:*:*:*
cpe:2.3:a:devexpress:devexpress:22.2.4:*:*:*:*:*:*:*
First Time Devexpress devexpress
Devexpress

29 Apr 2025, 13:52

Type Values Removed Values Added
Summary
  • (es) DevExpress anterior a 23.1.3 tiene un mecanismo de protección de fuente de datos que se evita durante la deserialización de datos XML.

28 Apr 2025, 17:15

Type Values Removed Values Added
References
  • () https://code-white.com/public-vulnerability-list/ -

28 Apr 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-28 16:15

Updated : 2025-06-05 14:29

NVD link : CVE-2023-35815

Mitre link : CVE-2023-35815

CVE.ORG link : CVE-2023-35815

JSON object : View

Products Affected

devexpress

  • devexpress
CWE
CWE-502

Deserialization of Untrusted Data