Main Vulnerability Database Exploits ID:5968 - Exploit for XXE attack in Operational Decision Manager - CVE-2018-1821

ID:5968 - Exploit for XXE attack in Operational Decision Manager - CVE-2018-1821

Published: June 17, 2021

Vulnerability identifier: #VU16725

Vulnerability risk: Low

CVE-ID: CVE-2018-1821

CWE-ID: CWE-611

Exploitation vector: Remote access

Vulnerable software:
Operational Decision Manager

Link to public exploit:

https://www.exploit-db.com/exploits/46017/

Vulnerability description

The vulnerability allows a remote authenticated attacker to conduct XXE-attack.

The vulnerability exists due to improper handling of XML External Entities (XXEs) when parsing an XML file. A remote attacker can submit a specially crafted input and obtain potentially sensitive information or cause the service to crash.

Remediation

The vulnerability has been fixed in the versions 8.6.0.3, 8.7.1.2, 8.8.1.3, 8.9.2.1.

ID:5968 - Exploit for XXE attack in Operational Decision Manager - CVE-2018-1821

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human