ID CVE-2018-10174
Summary Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role.
References
Vulnerable Configurations
  • cpe:2.3:a:digitalguardian:management_console:7.1.2.0015:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 22-05-2018 - 15:25)
Impact:
Exploitability:
CWE CWE-918
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: SINGLE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:N/A:N
refmap via4
misc http://packetstormsecurity.com/files/147260/Digital-Guardian-Management-Console-7.1.2.0015-Server-Side-Request-Forgery.html
Last major update 22-05-2018 - 15:25
Published 20-04-2018 - 21:29
Last modified 22-05-2018 - 15:25