CyberSec.Space Logo
Back to CVE Browser

CVE-2018-8900

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.0320%
EPSS Percentile40.24th
PublishedMay 2, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin Control Center (ACC) for cross-site scripting (XSS) vulnerability.

Affected Platforms (CPE)

πŸ“¦
Gemalto

Sentinel Ldk Rte

< 7.80

References & Advisories

πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-566773.pdf
πŸ”— https://drive.google.com/file/d/18BaBzGcjWAfJyZ_phWEVerYmmLB-vxF-/view?usp=sharing
πŸ”— https://cert-portal.siemens.com/productcert/pdf/ssa-566773.pdf
πŸ”— https://drive.google.com/file/d/18BaBzGcjWAfJyZ_phWEVerYmmLB-vxF-/view?usp=sharing

Related Vulnerabilities

CVE-2017-128229.9

Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK...

CVE-2017-128199.8

Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and...

CVE-2017-128219.8

Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might caus...

CVE-2018-63047.5

Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE version before 7.65 leads to remote denial of service