CVE-2018-17186

Severity CVSS v4.0: Pending analysis
Type: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Publication date: 06/11/2018
Last modified: 31/01/2019

Description

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.

Vulnerable products and versions

CPE                                         From                 Up to
cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*    2.0.0 (including)    2.0.11 (including)
cpe:2.3:a:apache:syncope:*:*:*:*:*:*:*:*    2.1.0 (including)    2.1.2 (including)