mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
73 lines
2.4 KiB
JSON
73 lines
2.4 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
|
"DATE_PUBLIC": "2018-05-31T00:00:00",
|
|
"ID": "CVE-2018-10613",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "MDS PulseNET and MDS PulseNET Enterprise",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "Version 3.2.1 and prior"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "GE"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "XXE CWE-611"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "104377",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/104377"
|
|
},
|
|
{
|
|
"name": "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1"
|
|
},
|
|
{
|
|
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02",
|
|
"refsource": "MISC",
|
|
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02"
|
|
}
|
|
]
|
|
}
|
|
} |