CVE-2014-2228

Опубликовано: 19 фев. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.

Ссылки

https://web.archive.org/web/20140425095352/http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Remote-code-execution-and-XML-Entity-Expansion-injection/ba-p/6403370
Exploit
Third Party Advisory
https://web.archive.org/web/20140425095352/http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Remote-code-execution-and-XML-Entity-Expansion-injection/ba-p/6403370
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:talend:restlet:*:*:*:*:*:*:*:*

Версия до 2.1.7 (включая)

cpe:2.3:a:talend:restlet:2.2:m1:*:*:*:*:*:*

cpe:2.3:a:talend:restlet:2.2:m2:*:*:*:*:*:*

cpe:2.3:a:talend:restlet:2.2:m3:*:*:*:*:*:*

cpe:2.3:a:talend:restlet:2.2:m4:*:*:*:*:*:*

cpe:2.3:a:talend:restlet:2.2:m5:*:*:*:*:*:*

cpe:2.3:a:talend:restlet:2.2:m6:*:*:*:*:*:*

cpe:2.3:a:talend:restlet:2.2:rc1:*:*:*:*:*:*

cpe:2.3:a:talend:restlet:2.2:rc2:*:*:*:*:*:*

cpe:2.3:a:talend:restlet:2.2:snapshot:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.03766

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-776

Связанные уязвимости

GHSA-442w-6f43-74g9