Lucene search

RedhatCVE-2015-1818

HistoryAug 11, 2015 - 2:59 p.m.

CVE-2015-1818

2015-08-1114:59:00

redhat

web.nvd.nist.gov

cve-2015-1818

xxe vulnerability

red hat jboss bpm suite

documentbuilders

ssrf

nvd

security vulnerability

xml external entity

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.006

Percentile

79.1%

JSON

XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and have other unspecified impact via a crafted XML document.

Affected configurations

Nvd

Node

redhatjboss_bpm_suiteRange≤6.1.0

VendorProductVersionCPE
redhatjboss_bpm_suite*cpe:2.3:a:redhat:jboss_bpm_suite:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	jboss_bpm_suite	*	cpe:2.3:a:redhat:jboss_bpm_suite::::::::

References

rhn.redhat.com/errata/RHSA-2015-1539.html

rhn.redhat.com/errata/RHSA-2015-1704.html

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.006

Percentile

79.1%

JSON

Related for CVE-2015-1818