CVE-2018-17186

CVE-2018-17186

EPSS 2.5%

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.

Affected products

Apache Software Foundation · Apache Syncope

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://syncope.apache.org/security#CVE-2018-17186:_XXE_on_BPMN_definitions