CVE-2019-0228

Опубликовано: 17 апр. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:pdfbox:2.0.14:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:apache:james:3.3.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:james:3.4.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_virtual_account_management:14.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_virtual_account_management:14.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*

Версия от 8.0.0.0 (включая) до 8.2.4.0 (включая)

cpe:2.3:a:oracle:hyperion_financial_reporting:11.1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:hyperion_financial_reporting:11.2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.13208

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-611

Связанные уязвимости

CVE-2019-0228

CVSS3: 9.8

ubuntu

почти 7 лет назад

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

CVE-2019-0228

CVSS3: 5.9

redhat

почти 7 лет назад

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

CVE-2019-0228

CVSS3: 9.8

debian

почти 7 лет назад

Apache PDFBox 2.0.14 does not properly initialize the XML parser, whic ...

GHSA-c9jj-3wvg-q65h

CVSS3: 9.8

github

больше 6 лет назад

Vulnerability that affects org.apache.pdfbox:pdfbox

BDU:2021-02442

CVSS3: 9.8

fstec

почти 7 лет назад

Уязвимость синтаксического анализатора XML Java-библиотеки Apache PDFBox, позволяющая нарушителю проводить XXE-атаки

EPSS

Процентиль: 94%

0.13208

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-611