CVE-2018-0489 in XMLTooling-Cinfo

Zusammenfassung

von MITRE

Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

27.11.2017

Veröffentlichung

27.02.2018

Moderieren

akzeptiert

Eintrag

VDB-113906

CPE

bereit

CWE

CWE-347 (bestätigt)

CVSS

6.5 (NVD)

EPSS

0.01222

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2018-0489
NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0489
CVE Details	https://www.cvedetails.com/cve/CVE-2018-0489/

◂ Zurück Übersicht Weiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!