Vulnerabilities > CVE-2018-1000542 - XXE vulnerability in Netbeans-Mmd-Plugin Project Netbeans-Mmd-Plugin 1.4.3

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

netbeans-mmd-plugin-project

CWE-611

NVD

Published: 2018-06-26

Updated: 2018-08-20

Summary

netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted MMD file.

Vulnerable Configurations

Part	Description	Count
Application	Netbeans-Mmd-Plugin_Project Netbeans MMD Plugin Project Netbeans MMD Plugin 1.4.3	1

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://0dd.zone/2018/06/02/Netbeans-MMD-Plugin-XXE/
https://github.com/raydac/netbeans-mmd-plugin/issues/45