Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-125087

Опубликовано: 19 фев. 2023
Источник: redhat
CVSS3: 9.8

Описание

A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480.

A flaw was found in java-xmlbuilder. The manipulation leads to an XML external entity (XXE) reference.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Logging Subsystem for Red Hat OpenShiftopenshift-logging/elasticsearch6-rhel8Not affected
Red Hat build of Apache Camel for Spring Boot 3java-xmlbuilderNot affected
Red Hat Fuse 7java-xmlbuilderNot affected
Red Hat Integration Camel K 1java-xmlbuilderNot affected
Red Hat JBoss Data Grid 7java-xmlbuilderOut of support scope
Red Hat JBoss Enterprise Application Platform 7java-xmlbuilderNot affected
Red Hat JBoss Enterprise Application Platform Expansion Packjava-xmlbuilderNot affected
Red Hat JBoss Fuse 6java-xmlbuilderOut of support scope
Red Hat JBoss Fuse Service Works 6java-xmlbuilderOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
Дефект:
CWE-611
https://bugzilla.redhat.com/show_bug.cgi?id=2172069java-xmlbuilder: XMLBuilder2 is vulnerable to XML External Entity (XXE) injection

9.8 Critical

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2014-125087

CVSS3: 5.5
ubuntu
почти 3 года назад

A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480.

nvd логотип

CVE-2014-125087

CVSS3: 5.5
nvd
почти 3 года назад

A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480.

github логотип

GHSA-3vrc-rrpw-r5pw

CVSS3: 9.8
github
почти 3 года назад

java-xmlbuilder vulnerable to XML External Entity Reference

9.8 Critical

CVSS3