Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-5070

The administration backup restore resource was vulnerable to XXE - CVE-2017-18110

XMLWordPrintable

      The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to read files from the filesystem via a XXE vulnerability.

            [CWD-5070] The administration backup restore resource was vulnerable to XXE - CVE-2017-18110

            Security Metrics Bot added a comment -

            This is an independent assessment and you should evaluate its applicability to your own IT environment.
            CVSS v3 score: 6.8 => Medium severity

            Exploitability Metrics

            Attack Vector Network
            Attack Complexity Low
            Privileges Required High
            User Interaction None

            Scope Metric

            Scope Changed

            Impact Metrics

            Confidentiality High
            Integrity None
            Availability None

            Security Metrics Bot added a comment - This is an independent assessment and you should evaluate its applicability to your own IT environment. CVSS v3 score: 6.8 => Medium severity Exploitability Metrics Attack Vector Network Attack Complexity Low Privileges Required High User Interaction None Scope Metric Scope Changed Impact Metrics Confidentiality High Integrity None Availability None

              Unassigned Unassigned
              security-metrics-bot Security Metrics Bot
              Affected customers:
              0 This affects my team
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: