CRITICAL🇬🇧 English

CVE-2018-1000614

CVSS 9.8v3.0pub. 2018-07-09upd. 2024-11-21

ONOS ONOS Controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in providers/netconf/alarm/src/main/java/org/onosproject/provider/netconf/alarm/NetconfAlarmTranslator.java that can result in An adversary can remotely launch advanced XXE attacks on ONOS controller without authentication.. This attack appear to be exploitable via crafted protocol message.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Onosproject Onos

    APP
    Onosproject
    ≤ 1.13.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XXE
CWE
Referencje

Powiązane podatności

CVE-2019-13624CRITICAL9.8ten sam produkt

In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote...

CVE-2018-1000616CRITICAL9.8ten sam produkt

ONOS ONOS controller version 1.13.1 and earlier contains a XML External Entity (XXE) vulnerability in onos\dri...

CVE-2017-1000081CRITICAL9.8ten sam produkt

Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote...

CVE-2018-1000615HIGH7.5ten sam produkt

ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in ...

CVE-2017-13763HIGH7.5ten sam produkt

ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of memory allocated. The Netty payload size ...