CVE-2018-10077

Опубликовано: 20 апр. 2018

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Средний

Описание

XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data.

Ссылки

http://packetstormsecurity.com/files/147253/Geist-WatchDog-Console-3.2.2-XSS-XML-Injection-Insecure-Permissions.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/44493/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/147253/Geist-WatchDog-Console-3.2.2-XSS-XML-Injection-Insecure-Permissions.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/44493/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:vertiv:watchdog_console:3.2.2:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.14111

Средний

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-2q8v-8987-rxr5