CVE-2022-28890 Vulnerability Details

  /     /     /  

CVE-2022-28890 Metadata Quick Info

CVE Published: 05/05/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: apache | Vendor: Apache Software Foundation | Product: Apache Jena
Status : PUBLISHED

---

CVE-2022-28890 Description

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: XML External DTD vulnerability
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).