CVE-2018-17186

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:54

Type Values Removed Values Added
References () https://syncope.apache.org/security#CVE-2018-17186:_XXE_on_BPMN_definitions - Mitigation, Vendor Advisory () https://syncope.apache.org/security#CVE-2018-17186:_XXE_on_BPMN_definitions - Mitigation, Vendor Advisory

Information

Published : 2018-11-06 20:29

Updated : 2024-11-21 03:54


NVD link : CVE-2018-17186

Mitre link : CVE-2018-17186

CVE.ORG link : CVE-2018-17186


JSON object : View

Products Affected

apache

  • syncope
CWE
CWE-611

Improper Restriction of XML External Entity Reference