Description
Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue.
References
- Vendor Advisory
- Patch, Vendor Advisory
- Vendor Advisory
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1: version up to 6.0.0 (inclusive)
cpe:2.3:a:redhat:jboss_data_virtualization:*:*:*:*:*:*:*:*
Configuration 2: version up to 8.6 (inclusive)
One of
cpe:2.3:a:jboss:teiid:*:*:*:*:*:*:*:*
cpe:2.3:a:jboss:teiid:8.4:*:*:*:*:*:*:*
EPSS
Percentile: 67%
0.00529
Low
4.3 Medium
CVSS2
Weaknesses
NVD-CWE-Other
Related vulnerabilities
redhat
more than 11 years ago
Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue.
github
more than 3 years ago
Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue.