CVE-2018-1000837

CRITICAL

UML Designer <= 8.0.0 - XML External Entity Injection via Plugins.xml

Title source: llm

Description

UML Designer version <= 8.0.0 contains an XML External Entity (XXE) vulnerability in the XML parser for plugins that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. This attack appears to be exploitable via a malicious plugins.xml file.

References (2)

Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://0dd.zone/2018/10/28/uml-designer-XXE/
Third Party Advisory x_refsource_misc
https://github.com/ObeoNetwork/UML-Designer/issues/1035

Scores

CVSS v3 10.0
EPSS 0.0180
EPSS Percentile 75.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-611
Status published
Products (1)
obeo/uml_designer < 8.0.0
Published Dec 20, 2018
Tracked Since Feb 18, 2026