Vulnerability Description
netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted MMD file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netbeans-Mmd-Plugin Project | Netbeans-Mmd-Plugin | 1.4.3 |
Related Weaknesses (CWE)
References
- https://0dd.zone/2018/06/02/Netbeans-MMD-Plugin-XXE/ExploitThird Party Advisory
- https://github.com/raydac/netbeans-mmd-plugin/issues/45ExploitThird Party Advisory
- https://0dd.zone/2018/06/02/Netbeans-MMD-Plugin-XXE/ExploitThird Party Advisory
- https://github.com/raydac/netbeans-mmd-plugin/issues/45ExploitThird Party Advisory
FAQ
What is CVE-2018-1000542?
CVE-2018-1000542 is a vulnerability with a CVSS score of 7.8 (HIGH). netbeans-mmd-plugin version <= 1.4.3 contains a XML External Entity (XXE) vulnerability in MMD file import that can result in Possible information disclosure, server-side request forgery, or remote co...
How severe is CVE-2018-1000542?
CVE-2018-1000542 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000542?
Check the references section above for vendor advisories and patch information. Affected products include: Netbeans-Mmd-Plugin Project Netbeans-Mmd-Plugin.