Lucene search

[email protected]CVE-2018-15805

HistoryDec 10, 2018 - 7:29 p.m.

CVE-2018-15805

2018-12-1019:29:25

CWE-611

[email protected]

web.nvd.nist.gov

cve-2018-15805

accusoft

prizmdoc

html5

xxe

vulnerability

nvd

security

file access

denial of service

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.7%

JSON

Accusoft PrizmDoc HTML5 Document Viewer before 13.5 contains an XML external entity (XXE) vulnerability, allowing an attacker to read arbitrary files or cause a denial of service (resource consumption).

Affected configurations

NVD

Node

accusoftprizmdocRange<13.5

CPENameOperatorVersion
accusoft:prizmdocaccusoft prizmdoclt13.5

CPE	Name	Operator	Version
accusoft:prizmdoc	accusoft prizmdoc	lt	13.5

References

help.accusoft.com/PrizmDoc/v13.5/HTML/webframe.html#Release_v13_5.html

medium.com/%40mrnikhilsri/oob-xxe-in-prizmdoc-cve-2018-15805-dfb1e474345c

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

8.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.7%

JSON

Related for CVE-2018-15805

prion1 cvelist1 nvd1