CVE-2018-17186

CVE-2018-17186

EPSS 2.5%

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.

Produtos afetados

Apache Software Foundation · Apache Syncope

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://syncope.apache.org/security#CVE-2018-17186:_XXE_on_BPMN_definitions