exploitDog

GHSA-mxvx-h4rp-cjrc

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 10

Описание

UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser for plugins that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious plugins.xml file.

UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser for plugins that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious plugins.xml file.

Ссылки

EPSS

Процентиль: 47%

0.00245

Низкий

10 Critical

CVSS3

CVE ID

CVE-2018-1000837

Дефекты

CWE-611

Связанные уязвимости

CVE-2018-1000837

CVSS3: 10

nvd

около 7 лет назад

UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser for plugins that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious plugins.xml file.

EPSS

Процентиль: 47%

0.00245

Низкий

10 Critical

CVSS3

CVE ID

CVE-2018-1000837

Дефекты

CWE-611