XML External Entity Vulnerability in bw-calendar-engine by Bedework
CVE-2018-1000836
9 CRITICAL
What is CVE-2018-1000836?
bw-calendar-engine versions prior to 3.12.0 contain an XML External Entity (XXE) vulnerability in the IscheduleClient XML parser. This flaw can allow an attacker to disclose confidential information, cause denial of service, perform server-side request forgery (SSRF), and conduct port scanning. It can be exploited through a Man-in-the-Middle (MitM) attack or via a malicious server, making it crucial for users of affected versions to apply patches or upgrade.
