exploitDog

CVE-2024-50848

Опубликовано: 18 нояб. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted .tmx file.

Ссылки

https://github.com/1mhr4b/CVE-2024-50848
https://github.com/Wh1teSnak3/CVE-2024-50848
Third Party Advisory
https://www.trados.com/product/worldserver/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rws:worldserver:11.8.2:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.07936

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-611

Связанные уязвимости

GHSA-3mjq-gr7r-h6x3

CVSS3: 6.5

github

около 1 года назад

An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted .tmx file.

EPSS

Процентиль: 92%

0.07936

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-611