XML External Entity (XXE) Vulnerability in S3 Browser before 8.1.5

CVE-2018-20298 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

S3 Browser before 8.1.5 contains an XML external entity (XXE) vulnerability, allowing remote attackers to read arbitrary files and obtain NTLMv2 hash values by tricking a user into connecting to a malicious server via the S3 protocol.

Learn more about our Cis Benchmark Audit For Server Software.