Vulnerability Disclosure Institute: U.S. Department of Defense Vulnerability: SOAP WSDL SQL Code Execution Severity: Critical (9~10) Reference: CVE-2018-16803 Affected Application: CIMTechniques CIMScan 6.x through 6.2 Disclosure Status: Approved by DoD Source: https://lnkd.in/d5xQM9j DoD's Comments: A critical SOAP WSDL Parser SQL Code Execution vulnerability was discovered on a Department of Defense (DoD) website. If properly exploited this could have resulted in the complete loss of the website and the underlining information system. Researcher Joel Aviad Ossi (websecnl) was able to expertly demonstrate this vulnerability to the DoD's Vulnerability Disclosure Program (VDP), and it was rapidly mitigated by the system owner. Very well done Joel, thank you! DoD VDP Team HackerOne DoD Cyber Crime Center (DC3)
Practice makes perfect.
#proud
Report
Report
Goed gedaan