CVE-2018-12471

CWE-611XML External Entity (XXE)3 documents3 sources
Severity
8.1HIGH
EPSS
0.5%
top 32.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Suse Linux SMTSuse Subscription Management Tool
Timeline
PublishedOct 4
Latest updateMay 13

Description

A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing blocking elements. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:LExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

CVEListV5suse_linux/smtunspecified3.0.37

🔴Vulnerability Details

2
GHSA
GHSA-6gf8-cqw7-6g5f: A External Entity Reference ('XXE') vulnerability in SUSE Linux SMT allows remote attackers to read data from the server or cause DoS by referencing b2022-05-13
CVEList
External Entity processing in the RegistrationSharing module2018-10-04
CVE-2018-12471 (HIGH CVSS 8.1) | A External Entity Reference ('XXE') | cvebase.io