What is the severity of CVE-2018-16792?

CVE-2018-16792 has a medium severity rating due to the potential for sensitive data exfiltration via XML External Entity (XXE) injection.

How do I fix CVE-2018-16792?

To fix CVE-2018-16792, update to a version of SolarWinds SFTP/SCP Server released after September 10, 2018, which addresses the XXE vulnerability.

What types of attacks can CVE-2018-16792 be exploited for?

CVE-2018-16792 can be exploited for data exfiltration attacks by leveraging the XXE vulnerability in the configuration file.

What is the impact of CVE-2018-16792 on sensitive data?

The impact of CVE-2018-16792 is that it allows attackers to access and exfiltrate sensitive data from a world-readable configuration file.

Which versions of SolarWinds SFTP/SCP Server are affected by CVE-2018-16792?

CVE-2018-16792 affects all versions of SolarWinds SFTP/SCP Server up to and including 2018-09-10.

Vulnerability/
CVE-2018-16792

critical

9.1

CWE

611

5/12/2018

5/8/2024

CVE-2018-16792: XEE

First published: Wed Dec 05 2018(Updated: )

SolarWinds SFTP/SCP server through 2018-09-10 is vulnerable to XXE via a world readable and writable configuration file that allows an attacker to exfiltrate data.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Solarwinds Sftp\/scp Server	<=2018-09-10

Never miss a vulnerability like this again

Reference Links

https://seclists.org/fulldisclosure/2018/Dec/0

Frequently Asked Questions

What is the severity of CVE-2018-16792?
CVE-2018-16792 has a medium severity rating due to the potential for sensitive data exfiltration via XML External Entity (XXE) injection.
How do I fix CVE-2018-16792?
To fix CVE-2018-16792, update to a version of SolarWinds SFTP/SCP Server released after September 10, 2018, which addresses the XXE vulnerability.
What types of attacks can CVE-2018-16792 be exploited for?
CVE-2018-16792 can be exploited for data exfiltration attacks by leveraging the XXE vulnerability in the configuration file.
What is the impact of CVE-2018-16792 on sensitive data?
The impact of CVE-2018-16792 is that it allows attackers to access and exfiltrate sensitive data from a world-readable configuration file.
Which versions of SolarWinds SFTP/SCP Server are affected by CVE-2018-16792?
CVE-2018-16792 affects all versions of SolarWinds SFTP/SCP Server up to and including 2018-09-10.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/tags
agent/references
agent/last-modified-date
agent/severity
agent/first-publish-date
agent/event
agent/description
agent/source
vendor/solarwinds
canonical/solarwinds sftp\/scp server
version/solarwinds sftp\/scp server/2018-09-10

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2018-16792?
CVE-2018-16792 has a medium severity rating due to the potential for sensitive data exfiltration via XML External Entity (XXE) injection.
How do I fix CVE-2018-16792?
To fix CVE-2018-16792, update to a version of SolarWinds SFTP/SCP Server released after September 10, 2018, which addresses the XXE vulnerability.
What types of attacks can CVE-2018-16792 be exploited for?
CVE-2018-16792 can be exploited for data exfiltration attacks by leveraging the XXE vulnerability in the configuration file.
What is the impact of CVE-2018-16792 on sensitive data?
The impact of CVE-2018-16792 is that it allows attackers to access and exfiltrate sensitive data from a world-readable configuration file.
Which versions of SolarWinds SFTP/SCP Server are affected by CVE-2018-16792?
CVE-2018-16792 affects all versions of SolarWinds SFTP/SCP Server up to and including 2018-09-10.