Joel Aviad Ossi’s Post

Managing Director at WebSec

Vulnerability Disclosure

Institute: U.S. Department of Defense
Vulnerability: SOAP WSDL SQL Code Execution
Severity: Critical (9~10)
Reference: CVE-2018-16803
Affected Application: CIMTechniques CIMScan 6.x through 6.2
Disclosure Status: Approved by DoD
Source: https://lnkd.in/d5xQM9j

DoD's Comments: A critical SOAP WSDL Parser SQL Code Execution vulnerability was discovered on a Department of Defense (DoD) website. If properly exploited this could have resulted in the complete loss of the website and the underlying information system. Researcher Joel Aviad Ossi (websecnl) was able to expertly demonstrate this vulnerability to the DoD's Vulnerability Disclosure Program (VDP), and it was rapidly mitigated by the system owner. Very well done Joel, thank you!

DoD VDP Team HackerOne DoD Cyber Crime Center (DC3)

DC3 VDP on Twitter

https://twitter.com

Walter Berkouwer

4y

Well done

Joel Aviad Ossi

Managing Director at WebSec

4y

Practice makes perfect.

Aviël O.

4y

#proud
