CVE-2018-18406

{"id": "CVE-2018-18406", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2019-06-19T16:15:10.517", "references": [{"url": "https://forum.tufin.com/support/kc/latest/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/45808", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.tufin.com/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Tufin SecureTrack 18.1 with TufinOS 2.16 build 1179(Final). The Audit Report module is affected by a blind XXE vulnerability when a new Best Practices Report is saved using a special payload inside the xml input field. The XXE vulnerability is blind since the response doesn't directly display a requested file, but rather returns it inside the name data field when the report is saved. An attacker is able to view restricted operating system files. This issue affects all types of users: administrators or normal users."}, {"lang": "es", "value": "Se detecto un problema en Tufin SecureTrack 18.1 con TufinOS 2.16, compilaci\u00f3n 1179 (final). El m\u00f3dulo Informe de auditor\u00eda se ve afectado por una vulnerabilidad oculta de la XXE cuando se guarda un nuevo Informe de mejores pr\u00e1cticas utilizando una carga \u00fatil especial dentro del campo de entrada de XML. La vulnerabilidad XXE es ciega, ya que la respuesta no muestra directamente un archivo solicitado, sino que lo devuelve dentro del campo de datos de nombre cuando se guarda el informe. Un atacante puede ver archivos restringidos del sistema operativo. Este problema afecta a todos los tipos de usuarios: administradores o usuarios normales."}], "lastModified": "2019-06-24T12:29:21.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tufin:securetrack:18.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0060C64E-B812-4103-B0CF-4AF9F2D2E949"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:tufin:tufinos:2.16:build_1179:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9F3DC27C-1EAC-4FDD-97C4-63D69C9AEB28"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}