PT-2018-14021 · Iway · Iway Data Quality Suite Web Console

Mrr3Boot

Published

2018-09-26

Updated

2018-12-17

CVE-2018-17411

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions iWay Data Quality Suite Web Console version 10.6.1.ga-2016-11-20

Description An XML External Entity (XXE) issue exists. This means that the software may be tricked into accessing resources or data it should not, potentially leading to information disclosure or other security issues.

Recommendations For iWay Data Quality Suite Web Console version 10.6.1.ga-2016-11-20, consider disabling XML external entities in the parser configuration as a temporary workaround until a patch is available.

Exploit

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2018-17411

Affected Products

Iway Data Quality Suite Web Console

PT-2018-14021 · Iway · Iway Data Quality Suite Web Console

CVE-2018-17411

Weakness Enumeration

Related Identifiers

Affected Products

References · 3