{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T15:12:02.106","vulnerabilities":[{"cve":{"id":"CVE-2018-1000821","sourceIdentifier":"cve@mitre.org","published":"2018-12-20T15:29:00.797","lastModified":"2024-11-21T03:40:25.547","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability in SMathStudio files that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted SMathStudio files. This vulnerability appears to have been fixed in after commit 5c05ac8."},{"lang":"es","value":"MicroMathematics, en versiones anteriores al commit con ID 5c05ac8 contiene una vulnerabilidad XEE (XML External Entity) en los archivos SMathStudio que puede resultar en la divulgación de datos confidenciales, denegación de servicio, SSRF o escaneo de puertos. Este ataque parece ser explotable mediante archivos SMathStudio especialmente manipulados. La vulnerabilidad parece haber sido solucionada tras el commit con ID 5c05ac8."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:micromathematics_project:micromathematics:*:*:*:*:*:*:*:*","versionEndExcluding":"2.17.3","matchCriteriaId":"8391F120-FFF8-4940-8B20-1F9FE92A49C6"}]}]}],"references":[{"url":"https://0dd.zone/2018/10/27/micromathematics-XXE/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/mkulesh/microMathematics/issues/79","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://0dd.zone/2018/10/27/micromathematics-XXE/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/mkulesh/microMathematics/issues/79","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]}]}}]}