CVE-2018-1000835
high-risk
Published 2018-12-20
KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.
Do I need to act?
-
0.24% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
10
CVSS 10.0/10
Critical
NETWORK
/ LOW complexity
Affected Products (17)
Keepass Dx
Keepass Dx
Keepass Dx
Keepass Dx
Keepass Dx
Keepass Dx
Keepass Dx
Keepass Dx
Keepass Dx
Keepass Dx
Keepass Dx
Keepass Dx
Keepass Dx
Keepass Dx
Keepass Dx
Keepass Dx
Keepass Dx
Affected Vendors
References (4)
Third Party Advisory
https://0dd.zone/2018/10/28/KeePassDX-XXE/
Issue Tracking
https://github.com/Kunzisoft/KeePassDX/issues/200
Third Party Advisory
https://0dd.zone/2018/10/28/KeePassDX-XXE/
Issue Tracking
https://github.com/Kunzisoft/KeePassDX/issues/200
53
/ 100
high-risk
Severity
33/34 · Critical
Exploitability
1/34 · Minimal
Exposure
19/34 · Moderate