XML External Entity Injection in Jive-n | [CVE-2018-5758]

Vulnerability Details

CVSS Rating: 6.5 (low)

CVE-2018-5758

Disclosing Company: Rhino Security Labs

Date: 01/17/2018

Status: Published

Affected software/version:
Aurea Jive Jive-n 9.0.2.1 On-Premises

Disclosure

Rhino Security Labs References

Blog Post: XML External Entity Injection in Jive-n (CVE-2018-5758)

MITRE

NIST

Disclosure Date

01/17/2018

Vulnerability Description

The Upload File functionality in upload.jspa in Aurea Jive Jive-n 9.0.2.1 On-Premises allows for an XML External Entity attack through a crafted file, allowing attackers to read arbitrary files.

CVSS Metrics

CVSS Rating (version 3.0)

6.5 (Low)

XML External Entity Injection in Jive-n[CVE-2018-5758]