PT-2018-9545 · Micromathematics · Micromathematics

Prodigysml

Published

2018-12-20

Updated

2019-01-08

CVE-2018-1000821

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MicroMathematics versions prior to commit 5c05ac8

Description The issue concerns a XML External Entity (XXE) vulnerability in SMathStudio files, which can lead to the disclosure of confidential data, denial of service, Server-Side Request Forgery (SSRF), and port scanning. This can be exploited through specially crafted SMathStudio files.

Recommendations For versions prior to commit 5c05ac8, update to a version after commit 5c05ac8 to resolve the issue. As a temporary workaround, consider restricting the use of SMathStudio files until the update is applied.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2018-1000821

Affected Products

Micromathematics

PT-2018-9545 · Micromathematics · Micromathematics

CVE-2018-1000821

Weakness Enumeration

Related Identifiers

Affected Products

References · 4