PT-2019-9795 · Sdl · Sdl Web
Ahmed Elhady Mohamed
+1
·
Publicado
2019-01-02
·
Atualizado
2019-01-24
·
CVE-2018-19371
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SDL Web version 8.5.0
Description
The issue concerns an XXE vulnerability in the SaveUserSettings service of Content Manager, allowing unauthorized access to sensitive system files.
Recommendations
For SDL Web version 8.5.0, update to a version that includes a fix for this issue, as using an XXE vulnerability can lead to sensitive data exposure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XXE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Sdl Web