CVE-2019-12154

Опубликовано: 11 июн. 2019

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions.

Ссылки

https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html
Third Party Advisory
https://www.pdfreactor.com/important-pdfreactor-security-advisory/
Vendor Advisory
https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/
Release Notes
Vendor Advisory
https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html
Third Party Advisory
https://www.pdfreactor.com/important-pdfreactor-security-advisory/
Vendor Advisory
https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:realobjects:pdfreactor:*:*:*:*:*:*:*:*

Версия до 10.1.10722 (исключая)

EPSS

Процентиль: 67%

0.00543

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-492j-2xcm-p3gg