CVE-2017-7545 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2017-7545

CVE-2017-7545

July 26, 2018

It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML eXternal Entity (XXE) attacks.

Related Resources (8)

https://bugzilla.redhat.com/show_bug.cgi?id=1474822

http://www.securityfocus.com/bid/102179

https://access.redhat.com/errata/RHSA-2017:3354

https://github.com/kiegroup/jbpmmigration

https://github.com/kiegroup/jbpm-designer/commit/a143f3b92a6a5a527d929d68c02a0c5d914ab81d

https://nvd.nist.gov/vuln/detail/CVE-2017-7545

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7545

https://access.redhat.com/errata/RHSA-2017:3355

Do you need more information?

CVSS v4

Base Score:

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

CVSS v2

Base Score:

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference

CWE-611

EPSS

Base Score:

0.77

Products

Solutions

Resources

Company

Compare

Developer Tools