CVE-2018-1000837

EUVD-2018-2028
UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser for plugins that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious plugins.xml file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
obeouml_designer
𝑥
≤ 8.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://0dd.zone/2018/10/28/uml-designer-XXE/
https://github.com/ObeoNetwork/UML-Designer/issues/1035
https://0dd.zone/2018/10/28/uml-designer-XXE/
https://github.com/ObeoNetwork/UML-Designer/issues/1035