How severe is CVE-2018-0414?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.7 out of 10.

What type of vulnerability is CVE-2018-0414?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2018-0414 - MEDIUM Severity | CVSS 5.7

Vulnerability Description

A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file.

Related Vulnerabilities

CVE-2020-4606

MEDIUM

CVSS:5.7(Medium)

IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A local attacker could exploit this vulnerability to expose sensitiv...

CWE-6112020

CVE-2016-7458

MEDIUM

CVSS:5.8(Medium)

VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote vCenter Server and ESXi instances to read arbitrary files via an XML document containing an external entity declaration in conjunc...

CWE-6112016

CVE-2024-28039

MEDIUM

CVSS:5.8(Medium)

Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cau...

CWE-6112024

CVE-2020-14379

MEDIUM

CVSS:5.6(Medium)

A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure.

CWE-6112020

CVE-2012-5656

MEDIUM

CVSS:5.5(Medium)

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

CWE-6112012

CVE-2016-5000

MEDIUM

CVSS:5.5(Medium)

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity re...

CWE-6112016