GE Global Discovery Server CVE-2018-15362 XML External Entity Injection Vulnerability
BID:106133
CVE-2018-15362 |Info
GE Global Discovery Server CVE-2018-15362 XML External Entity Injection Vulnerability
| Bugtraq ID: | 106133 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-15362 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 06 2018 12:00AM |
| Updated: | Dec 06 2018 12:00AM |
| Credit: | Vladimir Dashchenko of Kaspersky Lab |
| Vulnerable: |
Ge Global Discovery Server 2.0 Ge Global Discovery Server 1.1 Ge Global Discovery Server 1.0 Ge CIMPLICITY 9.5 Ge CIMPLICITY 9.0 R2 Ge CIMPLICITY 10.0 |
| Not Vulnerable: |
Ge Global Discovery Server 2.1 |
Discussion
GE Global Discovery Server CVE-2018-15362 XML External Entity Injection Vulnerability
GE Global Discovery Server is prone to an XML External Entity injection vulnerability.
Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions.
Versions prior to Global Discovery Server 2.1 are vulnerable.
GE Global Discovery Server is prone to an XML External Entity injection vulnerability.
Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions.
Versions prior to Global Discovery Server 2.1 are vulnerable.
Solution / Fix
GE Global Discovery Server CVE-2018-15362 XML External Entity Injection Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
GE Global Discovery Server CVE-2018-15362 XML External Entity Injection Vulnerability
References:
References: