CRITICAL🇵🇱 Wersja polska

CVE-2018-1000651

CVSS 10.0v3.0pub. 2018-08-20upd. 2024-11-21

Stroom version <5.4.5 contains a XML External Entity (XXE) vulnerability in XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted XML file.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Gchq Stroom

    APP
    Gchq
    < 5.4.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoSXXE
CWE
References

Related vulnerabilities

CVE-2019-10779MEDIUM6.1ten sam produkt

All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affecte...

CVE-2019-15532MEDIUM6.1ten sam vendor

CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs.