XML External Entity (XXE) Vulnerability in KeePassDX Version <= 2.5.0.0beta17: Confidential Data Disclosure and Denial of Service

XML External Entity (XXE) Vulnerability in KeePassDX Version <= 2.5.0.0beta17: Confidential Data Disclosure and Denial of Service

CVE-2018-1000835 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

KeePassDX version <= 2.5.0.0beta17 contains a XML External Entity (XXE) vulnerability in kdbx file parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning.

Learn more about our External Network Penetration Testing.