XML External Entity Vulnerability in Aurea Jive Jive-n by Aurea
CVE-2018-5758

6.5MEDIUM

Key Information:

Vendor: Aurea
Status: Jive-n
Vendor: CVE Published:; 12 March 2018

What is CVE-2018-5758?

The Upload File functionality in upload.jspa of Aurea Jive Jive-n version 9.0.2.1 On-Premises is susceptible to an XML External Entity (XXE) attack. Attackers can exploit this vulnerability by uploading a specially crafted file that allows them to read arbitrary files on the server. This can lead to sensitive information disclosure and poses a significant security risk if not addressed.

References

https://rhinosecuritylabs.com/research/xml-external-entit...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2018
Vulnerability Reserved
Jan 17, 2018

CVE-2018-5758 Data

JSON