{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T14:09:22.608","vulnerabilities":[{"cve":{"id":"CVE-2018-1000837","sourceIdentifier":"cve@mitre.org","published":"2018-12-20T15:29:01.703","lastModified":"2024-11-21T03:40:27.830","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"UML Designer version <= 8.0.0 contains a XML External Entity (XXE) vulnerability in XML parser for plugins that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via malicious plugins.xml file."},{"lang":"es","value":"UML Designer, en versiones iguales o anteriores a la 8.0.0, contiene una vulnerabilidad de XEE (XML External Entity) en el analizador de XML para los plugins. Esto puede resultar en la divulgación de datos confidenciales, una denegación de servicio (DoS), Server-Side Request Forgery (SSRF) o el escaneo de puertos. Parece ser que este ataque puede ser explotado mediante un archivo plugins.xml malicioso."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:obeo:uml_designer:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0.0","matchCriteriaId":"037A3814-8225-40E4-BF93-D3C8859428E7"}]}]}],"references":[{"url":"https://0dd.zone/2018/10/28/uml-designer-XXE/","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/ObeoNetwork/UML-Designer/issues/1035","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://0dd.zone/2018/10/28/uml-designer-XXE/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/ObeoNetwork/UML-Designer/issues/1035","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}