0.001 Low
EPSS
Percentile
24.1%
An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.
github.com/advisories/GHSA-qfjv-998w-q48f
github.com/apache/syncope/commit/a0f35f45f8ca5c98853ae8477fb2db81a84709a
nvd.nist.gov/vuln/detail/CVE-2018-17186
syncope.apache.org/security#CVE-2018-17186:_XXE_on_BPMN_definitions