Lucene search

K
cve[email protected]CVE-2018-10613
HistoryJun 04, 2018 - 2:29 p.m.

CVE-2018-10613

2018-06-0414:29:00
CWE-611
web.nvd.nist.gov
32
cve-2018-10613
xml
external entity
xxe
ge
mds pulsenet
mds pulsenet enterprise
vulnerability
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.004

Percentile

74.4%

Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.

Affected configurations

NVD
Node
gemds_pulsenetRange3.2.1
Node
gemds_pulsenetRange3.2.1enterprise
CPENameOperatorVersion
ge:mds_pulsenetge mds pulsenetle3.2.1

CNA Affected

[
  {
    "product": "MDS PulseNET and MDS PulseNET Enterprise",
    "vendor": "GE",
    "versions": [
      {
        "status": "affected",
        "version": "Version 3.2.1 and prior"
      }
    ]
  }
]

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.004

Percentile

74.4%