CVE-2018-14473
NONE9.1CVSS v3
6.4CVSS v2
2.62%
EPSS (exploit probability)
CWE-611CWE
Description
OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service.
CVSS v3 vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected routers (1)
| Vendor | Model | Matched via | Affected versions | Fixed in | Patch? |
|---|---|---|---|---|---|
| Ubiquiti | Ubiquiti EdgeRouter X | — |
— | — | No |