Home > Vulnerability Database > CVE-2023-6194

Mend.io Vulnerability Database

CVE-2023-6194

Good to know:

Date: December 11, 2023

In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.

Language: Java

Severity Score

7.1

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-6194

Url: https://bugs.eclipse.org/bugs/show_bug.cgi?id=582631

Url: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/169

Url: https://gitlab.eclipse.org/security/cve-assignement/-/issues/15

Url: https://www.mend.io/vulnerability-database/CVE-2023-6194

Severity Score

7.1

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference ('XXE')

CWE-611

Top Fix

Upgrade Version

Upgrade to version R_1.15.0

Learn More

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-6194

Good to know:

Date: December 11, 2023

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?