Vulnerabilities > CVE-2018-1000546 - XXE vulnerability in Triplea-Game Triplea

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

triplea-game

CWE-611

NVD

Published: 2018-06-26

Updated: 2018-08-20

Summary

Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted game data file (XML).

Vulnerable Configurations

Part	Description	Count
Application	Triplea-Game Triplea Game Triplea 1.8.0.7 Triplea Game Triplea 1.8.0.9 Triplea Game Triplea 1.8.0.9.1 Triplea Game Triplea 1.9.0.0.3635 Triplea Game Triplea 1.9.0.0.7062 Triplea Game Triplea 1.9.0.0.7342 Triplea Game Triplea 1.9.0.0.7378 Triplea Game Triplea 1.9.0.0.7621 Triplea Game Triplea 1.9.0.0.9687 Triplea Game Triplea 1.9.0.0.10291	10

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References