CVE-2018-17186

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-11-06 20:29

Updated : 2024-02-28 16:48


NVD link : CVE-2018-17186

Mitre link : CVE-2018-17186

CVE.ORG link : CVE-2018-17186


JSON object : View

Products Affected

apache

  • syncope
CWE
CWE-611

Improper Restriction of XML External Entity Reference