CVE-2017-6055

Опубликовано: 17 фев. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact via a crafted edoc file.

Ссылки

https://cert.lv/lv/2017/02/iznakusas-nedelas-zinas-par-drosibas-incidentiem-nr-4-2017
Third Party Advisory
https://www.eparaksts.lv/en/Assistance/downloads/eparakstitajs-3-0/previous-versions-of-eparakstitajs-3-0/
Release Notes
Vendor Advisory
https://cert.lv/lv/2017/02/iznakusas-nedelas-zinas-par-drosibas-incidentiem-nr-4-2017
Third Party Advisory
https://www.eparaksts.lv/en/Assistance/downloads/eparakstitajs-3-0/previous-versions-of-eparakstitajs-3-0/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eparaksts:eparakstitajs_3:*:*:*:*:*:*:*:*

Версия до 1.3.8 (включая)

EPSS

Процентиль: 67%

0.00542

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-w28f-fwq3-x4p2