CVE-2018-13826XML External Entity (XXE) Injection in Project Portfolio Management

CWE-611XML External Entity (XXE) Injection3 documents3 sources
Severity
9.1CRITICALNVD
EPSS
0.4%
top 40.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Broadcom Project Portfolio ManagementCA Technologies PPMCA Project Portfolio Management
Timeline
PublishedAug 30
Latest updateMay 13

Description

An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

CVEListV5ca_technologies/ppm15.3 and earlier

Patches

Patch: support.ca.comPatch: support.ca.com

🔴Vulnerability Details

2
GHSA
GHSA-84p4-qfpm-85hx: An XML external entity vulnerability in the XOG functionality, in CA PPM 142022-05-13
CVEList
CVE-2018-13826: An XML external entity vulnerability in the XOG functionality, in CA PPM 142018-08-30
CVE-2018-13826 — XML External Entity (XXE) Injection | cvebase