Vulnerability Details : CVE-2018-1000546
Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted game data file (XML).
Vulnerability category: XML external entity (XXE) injectionServer-side request forgery (SSRF) Execute codeInformation leak
Exploit prediction scoring system (EPSS) score for CVE-2018-1000546
0.73%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 81 %
Percentile, the proportion of vulnerabilities that are scored at or less