Описание
XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint.
Комментарий
CWE-611: Improper Restriction of XML External Entity Reference ('XXE')
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
EPSS
5 Medium
CVSS2
Дефекты
Связанные уязвимости
XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint.
XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint.
EPSS
5 Medium
CVSS2