{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T10:31:15.076","vulnerabilities":[{"cve":{"id":"CVE-2018-1000069","sourceIdentifier":"cve@mitre.org","published":"2018-03-13T15:29:00.207","lastModified":"2024-11-21T03:39:34.007","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FreePlane version 1.5.9 and earlier contains a XML External Entity (XXE) vulnerability in XML Parser in mindmap loader that can result in stealing data from victim's machine. This attack appears to require the victim to open a specially crafted mind map file. This vulnerability appears to have been fixed in 1.6+."},{"lang":"es","value":"FreePlane, en su versión 1.5.9 y anteriores, contiene una vulnerabilidad de XEE (XML External Entity) en el analizador XML en el cargador mindmap que puede dar como resultado el robo de datos de la máquina de la víctima. Parece que este ataque requiere que la víctima abra un archivo mindmap especialmente manipulado. Esta vulnerabilidad parece haber sido solucionada en las versiones posteriores a 1.6."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freeplane:freeplane:*:*:*:*:*:*:*:*","versionEndIncluding":"1.5.9","matchCriteriaId":"0F9A466F-71A4-4357-9667-9823A2B1E301"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"16F59A04-14CF-49E2-9973-645477EA09DA"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00019.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.debian.org/security/2018/dsa-4175","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.freeplane.org/wiki/index.php/XML_External_Entity_vulnerability_in_map_parser","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.youtube.com/watch?v=7IXtiTNilAI","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00019.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.debian.org/security/2018/dsa-4175","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.freeplane.org/wiki/index.php/XML_External_Entity_vulnerability_in_map_parser","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.youtube.com/watch?v=7IXtiTNilAI","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}