CVE-2018-17186

CVE-2018-17186

EPSS 2.5%

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.

Productos afectados

Apache Software Foundation · Apache Syncope

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://syncope.apache.org/security#CVE-2018-17186:_XXE_on_BPMN_definitions