Vulnerabilities > CVE-2018-10077 - XXE vulnerability in Vertiv Watchdog Console 3.2.2

047910
CVSS 4.9 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
vertiv
CWE-611
exploit available

Summary

XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data.

Vulnerable Configurations

Part Description Count
OS
Vertiv
1

Exploit-Db

descriptionGeist WatchDog Console 3.2.2 - Multiple Vulnerabilities. CVE-2018-10077,CVE-2018-10078,CVE-2018-10079. Webapps exploit for XML platform. Tags: Cross-Site Scr...
fileexploits/xml/webapps/44493.txt
idEDB-ID:44493
last seen2018-05-24
modified2018-04-18
platformxml
port
published2018-04-18
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/44493/
titleGeist WatchDog Console 3.2.2 - Multiple Vulnerabilities
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/147253/geistwc322-xxexss.txt
idPACKETSTORM:147253
last seen2018-04-19
published2018-04-19
reporterbzyo
sourcehttps://packetstormsecurity.com/files/147253/Geist-WatchDog-Console-3.2.2-XSS-XML-Injection-Insecure-Permissions.html
titleGeist WatchDog Console 3.2.2 XSS / XML Injection / Insecure Permissions