CVE-2018-1000837

Name of the Vulnerable Software and Affected Versions UML Designer versions prior to 8.0.0

Description The issue concerns a XML External Entity (XXE) vulnerability in the XML parser for plugins. This can lead to the disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning. The attack is exploitable via a malicious plugins.xml file.

Recommendations For versions prior to 8.0.0, update to version 8.0.0 or later to resolve the issue.