CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-1000542

netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted MMD file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 79.2%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 6.8

References

https://0dd.zone/2018/06/02/Netbeans-MMD-Plugin-XXE/
https://github.com/raydac/netbeans-mmd-plugin/issues/45
https://0dd.zone/2018/06/02/Netbeans-MMD-Plugin-XXE/
https://github.com/raydac/netbeans-mmd-plugin/issues/45

Products affected by CVE-2018-1000542

Netbeans-Mmd-Plugin Project » Netbeans-Mmd-Plugin » Version: 1.4.3

cpe:2.3:a:netbeans-mmd-plugin_project:netbeans-mmd-plugin:1.4.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-1000542

Products

Pricing

Contact Us