Vulnerabilities > CVE-2018-10077 - XXE vulnerability in Vertiv Watchdog Console 3.2.2

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

vertiv

CWE-611

exploit available

NVD

Published: 2018-04-20

Updated: 2021-03-27

Summary

XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data.

Vulnerable Configurations

Part	Description	Count
OS	Vertiv Vertiv Watchdog Console 3.2.2	1

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit-Db

description	Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities. CVE-2018-10077,CVE-2018-10078,CVE-2018-10079. Webapps exploit for XML platform. Tags: Cross-Site Scr...
file	exploits/xml/webapps/44493.txt
id	EDB-ID:44493
last seen	2018-05-24
modified	2018-04-18
platform	xml
port
published	2018-04-18
reporter	Exploit-DB
source	https://www.exploit-db.com/download/44493/
title	Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities
type	webapps

Packetstorm

data source	https://packetstormsecurity.com/files/download/147253/geistwc322-xxexss.txt
id	PACKETSTORM:147253
last seen	2018-04-19
published	2018-04-19
reporter	bzyo
source	https://packetstormsecurity.com/files/147253/Geist-WatchDog-Console-3.2.2-XSS-XML-Injection-Insecure-Permissions.html
title	Geist WatchDog Console 3.2.2 XSS / XML Injection / Insecure Permissions

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

References