Hi all, I would like to ask a question regarding "CVE-2015-0252 and CVE-2016-0729" vulnerabilities.
We are using xerces c++ 2.8.0 and therefore we are affected from both "Buffer Overflow Vulnerability - CVE-2016-0729" and "Denial of Service Vulnerability - CVE-2015-0252". In the description provided it is mentioned that these vulnerabilities can be exploited by an unauthenticated attacker. Our software uses XML parsing and login is required so as to proceed with XML parsing. The question is whether the login procedure reduces the vulnerability criticality, regarding authentication metric (cvss score). Is this attacker still considered as unauthenticated in our case? Thank you in advance for your prompt reply. Best, Matina Matina Lakka FN Services PV R&D 22 NOKIA Promitheos Str. 12, 145 64 Nea Kifissia Athens - Greece mail to: matina.la...@nsn.com