CVE-2018-17186 Vulnerability in maven package org.apache.syncope.client:syncope-client-console

Description

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.

Remediation

References

https://syncope.apache.org/security#CVE-2018-17186:_XXE_on_BPMN_definitions

Related Vulnerabilities

CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core_2.13

CVE-2019-3875 Vulnerability in maven package org.keycloak:keycloak-server-spi-private

CVE-2021-21623 Vulnerability in maven package org.jenkins-ci.plugins:matrix-auth

CVE-2021-21617 Vulnerability in maven package org.jenkins-ci.plugins: configurationslicing

CVE-2020-28470 Vulnerability in npm package @scullyio/scully

Severity

High

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H