Vulnerability Details CVE-2018-1000546
Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted game data file (XML).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
Products affected by CVE-2018-1000546
-
cpe:2.3:a:triplea-game:triplea:1.8.0.7
-
cpe:2.3:a:triplea-game:triplea:1.8.0.9
-
cpe:2.3:a:triplea-game:triplea:1.8.0.9.1
-
cpe:2.3:a:triplea-game:triplea:1.9.0.0.10291
-
cpe:2.3:a:triplea-game:triplea:1.9.0.0.3635
-
cpe:2.3:a:triplea-game:triplea:1.9.0.0.7062
-
cpe:2.3:a:triplea-game:triplea:1.9.0.0.7342
-
cpe:2.3:a:triplea-game:triplea:1.9.0.0.7378
-
cpe:2.3:a:triplea-game:triplea:1.9.0.0.7621
-
cpe:2.3:a:triplea-game:triplea:1.9.0.0.9687