CVE-2018-1000542

netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted MMD file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
netbeans-mmd-plugin_projectnetbeans-mmd-plugin
1.4.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://0dd.zone/2018/06/02/Netbeans-MMD-Plugin-XXE/
https://github.com/raydac/netbeans-mmd-plugin/issues/45
https://0dd.zone/2018/06/02/Netbeans-MMD-Plugin-XXE/
https://github.com/raydac/netbeans-mmd-plugin/issues/45