CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-16792

SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.7%

CVSS Severity

CVSS v3 Score 9.1

CVSS v2 Score 6.4

References

https://seclists.org/fulldisclosure/2018/Dec/0
https://seclists.org/fulldisclosure/2018/Dec/0

Products affected by CVE-2018-16792

Solarwinds » Sftp/scp Server » Version: N/A

cpe:2.3:a:solarwinds:sftp/scp_server:-
Solarwinds » Sftp/scp Server » Version: 2018-09-10

cpe:2.3:a:solarwinds:sftp/scp_server:2018-09-10

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-16792

Products

Pricing

Contact Us