Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2022-09240
HistorySep 18, 2021 - 12:00 a.m.

Apache Jena XML External Entity Injection Vulnerability

2021-09-1800:00:00
China National Vulnerability Database
www.cnvd.org.cn
32

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Apache Jena is a Java Semantic Web framework from the U.S. Apache (Apache) Foundation . Apache Jena in versions prior to 4.1.0 has an XML external entity injection vulnerability, which stems from a web system or product that does not set the correct filtering to allow references to external entities, and a remote attacker could exploit the vulnerability by sending a specially crafted XML file to read the file.

CPENameOperatorVersion
apache jenale4.1.0

Related

cve 1
ubuntucve 1
ibm 8
github 1
prion 1
osv 1
debiancve 1
cve
cve
CVE-2021-39239
2021-09-16 15:15:00
ubuntucve
ubuntucve
CVE-2021-39239
2021-09-16 00:00:00
ibm
ibm
Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to XML external entity (XXE) attacks due to a vulnerability in XML processing in Apache Jena, in versions up to 4.1.0 (CVE-2021-39239)
2023-04-11 13:55:17
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to a remote attack due to Apache Jena Core
2023-10-04 08:11:57
Security Bulletin: IBM Jazz Reporting Service is vulnerable to XML external entity (XXE) attacks due to a vulnerability in XML processing in Apache Jena, in versions up to 4.1.0 (CVE-2021-39239)
2023-10-04 07:46:03
github
github
XML External Entity Reference in Apache Jena
2021-09-20 20:22:05
prion
prion
Xxe
2021-09-16 15:15:00
osv
osv
XML External Entity Reference in Apache Jena
2021-09-20 20:22:05
debiancve
debiancve
CVE-2021-39239
2021-09-16 15:15:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON
Related for CNVD-2022-09240
cve1ubuntucve1ibm8github1prion1osv1debiancve1