Vulnerabilities > CVE-2018-1000542 - XXE vulnerability in Netbeans-Mmd-Plugin Project Netbeans-Mmd-Plugin 1.4.3

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

netbeans-mmd-plugin-project

CWE-611

NVD

Published: 2018-06-26

Updated: 2018-08-20

Summary

netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted MMD file.

Vulnerable Configurations

Part	Description	Count
Application	Netbeans-Mmd-Plugin_Project Netbeans MMD Plugin Project Netbeans MMD Plugin 1.4.3	1

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://github.com/raydac/netbeans-mmd-plugin/issues/45
https://0dd.zone/2018/06/02/Netbeans-MMD-Plugin-XXE/