CVE-2018-17186

Summary

An administrator with workflow definition entitlements can use DTD to perform malicious operations, including but not limited to file read, file write, and code execution.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache SyncopeApache Syncope releases prior to 2.0.11 and 2.1.2affected

Weaknesses

  • Remote code execution

ADP Enrichment

CVE Program Container

Additional References

References