CVE-2018-17186

Published: Nov 6, 2018

Modified: Sep 17, 2024

PUBLISHED

Description

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.

Vendor	Product	Versions
Apache Software Foundation	Apache Syncope	affected `Apache Syncope releases prior to 2.0.11 and 2.1.2`

References

https://syncope.apache.org/security#CVE-2018-17186:_XXE_on_BPMN_definitions

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-17186

Description

Affected Products

References