Vulnerabilities > CVE-2018-19371 - XXE vulnerability in SDL web Content Manager 8.5.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
The SaveUserSettings service in Content Manager in SDL Web 8.5.0 has an XXE Vulnerability that allows reading sensitive files from the system.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| file | exploits/xml/webapps/46000.txt |
| id | EDB-ID:46000 |
| last seen | 2018-12-19 |
| modified | 2018-12-18 |
| platform | xml |
| port | |
| published | 2018-12-18 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/46000 |
| title | SDL Web Content Manager 8.5.0 - XML External Entity Injection |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/150826/sdlwcm850-xxe.txt |
| id | PACKETSTORM:150826 |
| last seen | 2018-12-25 |
| published | 2018-12-18 |
| reporter | Ahmed Elhady Mohamed |
| source | https://packetstormsecurity.com/files/150826/SDL-Web-Content-Manager-8.5.0-XML-Injection.html |
| title | SDL Web Content Manager 8.5.0 XML Injection |