CVE-2019-15641

EUVD-2019-6593
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
webminwebmin
𝑥
≤ 1.930
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
webmin
bionic
dne
disco
dne
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/
https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/