Vulnerabilities > CVE-2018-10174 - Server-Side Request Forgery (SSRF) vulnerability in Digitalguardian Management Console 7.1.2.0015

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
digitalguardian
CWE-918

Summary

Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role.

Vulnerable Configurations

Part Description Count
Application
Digitalguardian
1

Common Weakness Enumeration (CWE)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/147260/dgmc-ssrf.txt
idPACKETSTORM:147260
last seen2018-04-19
published2018-04-19
reporterPawel Gocyla
sourcehttps://packetstormsecurity.com/files/147260/Digital-Guardian-Management-Console-7.1.2.0015-Server-Side-Request-Forgery.html
titleDigital Guardian Management Console 7.1.2.0015 Server Side Request Forgery