CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-8900

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.0320%
EPSS Percentile40.24th
Published2018年5月2日
Last Modified2024年11月21日

Vulnerability Description

The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin Control Center (ACC) for cross-site scripting (XSS) vulnerability.

Affected Platforms (CPE)

📦
Gemalto

Sentinel Ldk Rte

< 7.80

References & Advisories

🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-566773.pdf
🔗 https://drive.google.com/file/d/18BaBzGcjWAfJyZ_phWEVerYmmLB-vxF-/view?usp=sharing
🔗 https://cert-portal.siemens.com/productcert/pdf/ssa-566773.pdf
🔗 https://drive.google.com/file/d/18BaBzGcjWAfJyZ_phWEVerYmmLB-vxF-/view?usp=sharing

相关漏洞威胁

CVE-2017-128229.9

Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK...

CVE-2017-128199.8

Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and...

CVE-2017-128219.8

Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might caus...

CVE-2018-63047.5

Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE version before 7.65 leads to remote denial of service