Vulnerability Details CVE-2018-14473
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.028
EPSS Ranking 85.4%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
Products affected by CVE-2018-14473
-
cpe:2.3:a:ocsinventory-ng:ocsinventory_ng:2.4.1