How severe is CVE-2018-0100?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.4 out of 10.

What type of vulnerability is CVE-2018-0100?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2018-0100 - MEDIUM Severity | CVSS 4.4

Vulnerability Description

A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by injecting a crafted XML file with malicious entries, which could allow the attacker to read and write files. Cisco Bug IDs: CSCvg19341.

Related Vulnerabilities

CVE-2015-3160

MEDIUM

CVSS:4.3(Medium)

XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing en...

CWE-6112015

CVE-2016-0268

MEDIUM

CVSS:4.3(Medium)

XML external entity (XXE) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check ...

CWE-6112016

CVE-2017-10889

MEDIUM

CVSS:4.3(Medium)

TablePress prior to version 1.8.1 allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.

CWE-6112017

CVE-2017-3839

MEDIUM

CVSS:4.3(Medium)

An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the ...

CWE-6112017

CVE-2018-6225

MEDIUM

CVSS:4.3(Medium)

An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script.

CWE-6112018

CVE-2020-26247

MEDIUM

CVSS:4.3(Medium)

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokog...

CWE-6112020