CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-20000

Apereo Bedework bw-webdav before 4.0.3 allows XXE attacks, as demonstrated by an invite-reply document that reads a local file, related to webdav/servlet/common/MethodBase.java and webdav/servlet/common/PostRequestPars.java.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 51.0%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://github.com/Bedework/bw-webdav/compare/bw-webdav-4.0.2...bw-webdav-4.0.3
https://github.com/Bedework/bw-webdav/pull/1
https://github.com/Bedework/bw-webdav/compare/bw-webdav-4.0.2...bw-webdav-4.0.3
https://github.com/Bedework/bw-webdav/pull/1

Products affected by CVE-2018-20000

Apereo » Bw-Webdav » Version: 3.4.1

cpe:2.3:a:apereo:bw-webdav:3.4.1
Apereo » Bw-Webdav » Version: 4.0.0

cpe:2.3:a:apereo:bw-webdav:4.0.0
Apereo » Bw-Webdav » Version: 4.0.1

cpe:2.3:a:apereo:bw-webdav:4.0.1
Apereo » Bw-Webdav » Version: 4.0.2

cpe:2.3:a:apereo:bw-webdav:4.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20000

Products

Pricing

Contact Us