PT-2018-14021 · Iway · Iway Data Quality Suite Web Console

Mrr3Boot

Publicado

2018-09-26

Atualizado

2018-12-17

CVE-2018-17411

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions iWay Data Quality Suite Web Console version 10.6.1.ga-2016-11-20

Description An XML External Entity (XXE) issue exists. This means that the software may be tricked into accessing resources or data it should not, potentially leading to information disclosure or other security issues.

Recommendations For iWay Data Quality Suite Web Console version 10.6.1.ga-2016-11-20, consider disabling XML external entities in the parser configuration as a temporary workaround until a patch is available.

Exploit

Correção

XXE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-611

Identificadores relacionados

CVE-2018-17411

Produtos afetados

Iway Data Quality Suite Web Console

PT-2018-14021 · Iway · Iway Data Quality Suite Web Console

CVE-2018-17411

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3