CVE-2018-10613

Name of the Vulnerable Software and Affected Versions GE MDS PulseNET versions 3.2.1 and prior GE MDS PulseNET Enterprise versions 3.2.1 and prior

Description The issue allows for XML External Entity (XXE) attacks, which can be used to exfiltrate data from the host Windows platform. This is related to the processing of XML external entities in various servlets, including FglAMServlet, IntegrationXMLProcessorServlet, MagnumEmulator Servlet, and XmlAdapterServlet.

Recommendations For GE MDS PulseNET versions 3.2.1 and prior, update to a version later than 3.2.1 to resolve the issue. For GE MDS PulseNET Enterprise versions 3.2.1 and prior, update to a version later than 3.2.1 to resolve the issue. As a temporary workaround, consider disabling the XML external entity processing in the affected servlets until a patch is available. Restrict access to the vulnerable servlets to minimize the risk of exploitation.