exploitDog

CVE-2019-10244

Опубликовано: 09 апр. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser initialisation.

Ссылки

http://www.securityfocus.com/bid/107844
Third Party Advisory
VDB Entry
https://bugs.eclipse.org/bugs/show_bug.cgi?id=545835
Issue Tracking
Vendor Advisory
http://www.securityfocus.com/bid/107844
Third Party Advisory
VDB Entry
https://bugs.eclipse.org/bugs/show_bug.cgi?id=545835
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eclipse:kura:*:*:*:*:*:*:*:*

Версия до 4.0.0 (включая)

EPSS

Процентиль: 45%

0.00219

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-611

CWE-611

Связанные уязвимости

GHSA-xxp4-hw2v-2vcr

CVSS3: 7.5

github

около 3 лет назад

In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser initialisation.

EPSS

Процентиль: 45%

0.00219

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-611

CWE-611