CVE-2018-17186
Published 2018-11-06
High 7.2 (CVSS 3.0)
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | syncope | 2.0.0 – 2.0.11 | — |
| apache | syncope | 2.1.0 – 2.1.2 | — |
| apache_software_foundation | apache_syncope | — | — |