PT-2019-9795 · Sdl · Sdl Web
Ahmed Elhady Mohamed
+1
·
Published
2019-01-02
·
Updated
2019-01-24
·
CVE-2018-19371
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SDL Web version 8.5.0
Description
The issue concerns an XXE vulnerability in the SaveUserSettings service of Content Manager, allowing unauthorized access to sensitive system files.
Recommendations
For SDL Web version 8.5.0, update to a version that includes a fix for this issue, as using an XXE vulnerability can lead to sensitive data exposure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sdl Web