Lucene search

MitreCVE-2018-16252

HistorySep 05, 2018 - 9:29 p.m.

CVE-2018-16252

2018-09-0521:29:03

CWE-611

mitre

web.nvd.nist.gov

cve-2018-16252

xml

injection

security

event log explorer

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.3

Confidence

High

EPSS

0.001

Percentile

49.9%

JSON

FsPro Labs Event Log Explorer 4.6.1.2115 has “.elx” FileType XML External Entity Injection.

Affected configurations

Nvd

Node

fsproevent_log_explorerMatch4.6.1.2115

VendorProductVersionCPE
fsproevent_log_explorer4.6.1.2115cpe:2.3:a:fspro:event_log_explorer:4.6.1.2115:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fspro	event_log_explorer	4.6.1.2115	cpe:2.3:a:fspro:event_log_explorer:4.6.1.2115:::::::*

References

hyp3rlinx.altervista.org/advisories/FSPRO-LABS-EVENT-LOG-EXPLORER-XML-INJECTION-INFO-DISCLOSURE.txt

packetstormsecurity.com/files/149195/FsPro-Labs-Event-Log-Explorer-4.6.1.2115-XML-Injection.html

www.exploit-db.com/exploits/45319/

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.3

Confidence

High

EPSS

0.001

Percentile

49.9%

JSON

Related for CVE-2018-16252