Lucene search

Plex Media Server -- Information Disclosure Vulnerability

🗓️ 01 Aug 2018 00:00:00Reported by FreeBSDType

The XML parsing engine in Plex Media Server is vulnerable to an XXE attack, allowing unauthorized LAN attackers to access files and initiate SMB connections for password capture and remote execution

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 9
Prion	Xxe	13 Aug 201817:29	–	prion
NVD	CVE-2018-13415	13 Aug 201817:29	–	nvd
Tenable Nessus	FreeBSD : Plex Media Server -- Information Disclosure Vulnerability (337960ec-b5dc-11e8-ac58-a4badb2f4699)	12 Sep 201800:00	–	nessus
0day.today	Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection Vulnerability	6 Aug 201800:00	–	zdt
Exploit DB	Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection	3 Aug 201800:00	–	exploitdb
exploitpack	Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection	3 Aug 201800:00	–	exploitpack
Cvelist	CVE-2018-13415	13 Aug 201817:00	–	cvelist
Packet Storm	Plex Media Server 1.13.2.5154 SSDP Processing XML Injection	3 Aug 201800:00	–	packetstorm
CVE	CVE-2018-13415	13 Aug 201817:29	–	cve

Source	Link
seclists	www.seclists.org/fulldisclosure/2018/Aug/1

OS	OS Version	Architecture	Package	Package Version	Filename
FreeBSD	any	noarch	plexmediaserver	1.13.5.5332	UNKNOWN
FreeBSD	any	noarch	plexmediaserver-plexpass	1.13.5.5332	UNKNOWN

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

01 Aug 2018 00:00Current

4.5Medium risk

Vulners AI Score4.5

CVSS27.5

CVSS39.8

EPSS0.35514