cpe:/a:ocsinventory-ng:ocsinventory_ng:2.4.1 CVE-2018-14473 2018-08-03T21:29:03.873-04:00 2018-09-30T21:54:04.663-04:00 6.4 NETWORK LOW NONE PARTIAL NONE PARTIAL http://nvd.nist.gov 2018-09-28T12:08:03.333-04:00 MISC https://www.tarlogic.com/en/blog/vulnerabilities-in-ocs-inventory-2-4-1/ OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service.