Vulnerabilities > CVE-2017-8918 - XXE vulnerability in Blackwave Dive Assistant 8.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

blackwave

CWE-611

exploit available

NVD

Published: 2017-09-12

Updated: 2017-09-21

Summary

XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file.

Vulnerable Configurations

Part	Description	Count
Application	Blackwave Blackwave Dive Assistant 8.0	1

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit-Db

id	EDB-ID:42000
last seen	2018-11-30
modified	2017-05-12
published	2017-05-12
reporter	Exploit-DB
source	https://www.exploit-db.com/download/42000
title	Dive Assistant Template Builder 8.0 - XML External Entity Injection

References

https://thenopsled.com/Exploit-DB%20Writeup.txt