How severe is CVE-2018-15444?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2018-15444?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2018-15444 - HIGH Severity | CVSS 7.3

Vulnerability Description

A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by convincing a user of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files within the affected application.

Related Vulnerabilities

CVE-2016-5795

HIGH

CVSS:7.3(High)

An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker coul...

CWE-6112016

CVE-2017-5661

HIGH

CVSS:7.3(High)

In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend o...

CWE-6112017

CVE-2017-5662

HIGH

CVSS:7.3(High)

In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depe...

CWE-6112017

CVE-2018-12463

HIGH

CVSS:7.3(High)

An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), version 17.1, 17.2, 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side reques...

CWE-6112018

CVE-2022-0265

HIGH

CVSS:7.3(High)

Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1.

CWE-6112022

CVE-2022-0272

HIGH

CVSS:7.3(High)

Improper Restriction of XML External Entity Reference in GitHub repository detekt/detekt prior to 1.20.0.

CWE-6112022