10

CVE-2018-1000835

KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KeepassdxKeepass Dx Version2.5.0.0 Updatebeta1
KeepassdxKeepass Dx Version2.5.0.0 Updatebeta10
KeepassdxKeepass Dx Version2.5.0.0 Updatebeta11
KeepassdxKeepass Dx Version2.5.0.0 Updatebeta12
KeepassdxKeepass Dx Version2.5.0.0 Updatebeta13
KeepassdxKeepass Dx Version2.5.0.0 Updatebeta14
KeepassdxKeepass Dx Version2.5.0.0 Updatebeta15
KeepassdxKeepass Dx Version2.5.0.0 Updatebeta16
KeepassdxKeepass Dx Version2.5.0.0 Updatebeta17
KeepassdxKeepass Dx Version2.5.0.0 Updatebeta2
KeepassdxKeepass Dx Version2.5.0.0 Updatebeta3
KeepassdxKeepass Dx Version2.5.0.0 Updatebeta4
KeepassdxKeepass Dx Version2.5.0.0 Updatebeta5
KeepassdxKeepass Dx Version2.5.0.0 Updatebeta6
KeepassdxKeepass Dx Version2.5.0.0 Updatebeta7
KeepassdxKeepass Dx Version2.5.0.0 Updatebeta8
KeepassdxKeepass Dx Version2.5.0.0 Updatebeta9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.449
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 3.9 6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://github.com/Kunzisoft/KeePassDX/issues/200
Third Party Advisory
Issue Tracking