Sdl · Sdl Web · CVE-2018-19371
**Name of the Vulnerable Software and Affected Versions**
SDL Web version 8.5.0
**Description**
The issue concerns an XXE vulnerability in the SaveUserSettings service of Content Manager, allowing unauthorized access to sensitive system files.
**Recommendations**
For SDL Web version 8.5.0, update to a version that includes a fix for this issue, as using an XXE vulnerability can lead to sensitive data exposure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.