CVE-2017-7545 Vulnerability Details

CVE-2017-7545 Metadata Quick Info

CVE Published: 26/07/2018 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: redhat | Vendor: KIE | Product: jbpm-designer
Status: PUBLISHED

CVE-2017-7545 Description

It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML eXternal Entity (XXE) attacks.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-611
CWE Name: CWE-611
Source: KIE

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).