S3browser: Security Vulnerabilities
An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain sensitive information via the S3 compatible storage component.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-07-09
S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerability, allowing remote attackers to read arbitrary files and obtain NTLMv2 hash values by tricking a user into connecting to a malicious server via the S3 protocol.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-12-19