CVE-2018-0878

LOW Year: 2018
CVSS v3 Score
3.1
Low
CVSS v2 Score
2.6
Low
Weakness Type
CWE-611
View all →

Vulnerability Description

Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability".

Related Vulnerabilities

CVE-2018-16252

LOW
CVSS:3.3(Low)

FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection.

CWE-6112018

CVE-2020-12025

LOW
CVSS:3.3(Low)

Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 vulnerable to an xml external entity (XXE) vulnerability, which may allow an attacker to view hostnames or other resourc...

CWE-6112020

CVE-2016-0369

LOW
CVSS:2.7(Low)

XML external entity (XXE) vulnerability in IBM Forms Experience Builder 8.5, 8.5.1, and 8.6 allows remote authenticated users to obtain sensitive information via crafted XML data. IBM X-Force ID: 1120...

CWE-6112016

CVE-2021-21470

LOW
CVSS:3.6(Low)

SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious XML files which ...

CWE-6112021

CVE-2020-26229

LOW
CVSS:3.7(Low)

TYPO3 is an open source PHP based web content management system. In TYPO3 from version 10.4.0, and before version 10.4.10, RSS widgets are susceptible to XML external entity processing. This vulnerabi...

CWE-6112020

CVE-2023-27527

LOW
CVSS:2.5(Low)

Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.

CWE-6112023