Vulnerabilities > CVE-2018-20298 - XXE vulnerability in S3Browser S3 Browser
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerability, allowing remote attackers to read arbitrary files and obtain NTLMv2 hash values by tricking a user into connecting to a malicious server via the S3 protocol.