ID CVE-2018-19371
Summary The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system.
References
Vulnerable Configurations
  • cpe:2.3:a:sdl:web_content_manager:8.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:sdl:web_content_manager:8.5.0:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 24-01-2019 - 19:09)
Impact:
Exploitability:
CWE CWE-611
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
exploit-db 46000
misc http://packetstormsecurity.com/files/150826/SDL-Web-Content-Manager-8.5.0-XML-Injection.html
vulnerable_product via4 cpe:2.3:a:sdl:web_content_manager:8.5.0:*:*:*:*:*:*:*
Last major update 24-01-2019 - 19:09
Published 02-01-2019 - 18:29
Back to Top