How severe is CVE-2017-18111?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.7 out of 10.

What type of vulnerability is CVE-2017-18111?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2017-18111

HIGH Year: 2017

CVSS v3 Score

8.7

High

CVSS v2 Score

5.5

Medium

Weakness Type

CWE-611

View all →

Vulnerability Description

The OAuthHelper in Atlassian Application Links before version 5.0.10, from version 5.1.0 before version 5.1.3, and from version 5.2.0 before version 5.2.6 used an XML document builder that was vulnerable to XXE when consuming a client OAuth request. This allowed malicious oauth application linked applications to probe internal network resources by requesting internal locations, read the contents of files and also cause an out of memory exception affecting availability via an XML External Entity vulnerability.

CVE-2020-12719

HIGH

CVSS:8.7(High)

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 ...

CWE-6112020

CVE-2024-25606

HIGH

CVSS:8.7(High)

XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported vers...

CWE-6112024

CVE-2025-27523

HIGH

CVSS:8.7(High)

XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10...

CWE-6112025

CVE-2016-4264

HIGH

CVSS:8.6(High)

The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a craft...

CWE-6112016

CVE-2016-7051

HIGH

CVSS:8.6(High)

XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vec...

CWE-6112016

CVE-2016-9691

HIGH

CVSS:8.6(High)

IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploi...

CWE-6112016

CVE-2017-18111

Vulnerability Description

Related Vulnerabilities

CVE-2020-12719

CVE-2024-25606

CVE-2025-27523

CVE-2016-4264

CVE-2016-7051

CVE-2016-9691