CVE-2018-10613: XEE
First published: Thu May 31 2018(Updated: )
Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GE MDS PulseNET | <=3.2.1 | |
| GE MDS PulseNET | <=3.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-10613?
CVE-2018-10613 is considered a high-severity vulnerability due to the potential for data exfiltration.
How do I fix CVE-2018-10613?
To fix CVE-2018-10613, upgrade GE MDS PulseNET or MDS PulseNET Enterprise to a version higher than 3.2.1.
What types of attacks are associated with CVE-2018-10613?
CVE-2018-10613 is associated with XML External Entity (XXE) attacks.
Which versions of GE MDS PulseNET are affected by CVE-2018-10613?
Versions of GE MDS PulseNET and MDS PulseNET Enterprise up to and including 3.2.1 are affected by CVE-2018-10613.
What impact does CVE-2018-10613 have on the system?
CVE-2018-10613 can allow attackers to exfiltrate sensitive data from the host Windows platform.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- vendor/ge
- canonical/ge mds pulsenet
- version/ge mds pulsenet/3.2.1