Lucene search

XML External Entity Reference in Apache Jena

🗓️ 20 Sep 2021 20:05:22Reported by GitHub Advisory DatabaseType

Apache Jena XML External Entity Reference vulnerabilit

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 19
Veracode	XML External Entity (XXE)	17 Sep 202106:19	–	veracode
CNVD	Apache Jena XML External Entity Injection Vulnerability	18 Sep 202100:00	–	cnvd
UbuntuCve	CVE-2021-39239	16 Sep 202100:00	–	ubuntucve
CVE	CVE-2021-39239	16 Sep 202115:15	–	cve
IBM Security Bulletins	Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to XML external entity (XXE) attacks due to a vulnerability in XML processing in Apache Jena, in versions up to 4.1.0 (CVE-2021-39239)	11 Apr 202313:55	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Engineering Lifecycle Management is impacted by vulnerabilities in Apache Jena	13 Jan 202508:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to a remote attack due to Apache Jena Core	4 Oct 202308:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Jazz Reporting Service is vulnerable to XML external entity (XXE) attacks due to a vulnerability in XML processing in Apache Jena, in versions up to 4.1.0 (CVE-2021-39239)	4 Oct 202307:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integration Bus is vulnerable to a remote attack due to Apache Jena (CVE-2021-39239, CVE-2022-28890, CVE-2023-22665).	3 Jul 202318:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Protect for Virtual Environments is vulnerable to arbitrary code execution, sensitive information disclosure, and denial of service due to CVEs in Apache Velocity, Apache Jena, and XStream (woodstox)	17 Nov 202323:49	–	ibm

Vulners

Node

org.apache.jena jena-coreRange<4.2.0

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-39239
lists	www.lists.apache.org/thread.html/rf44d529c54ef1d0097e813f576a0823a727e1669a9f610d3221d493d%40%3Cusers.jena.apache.org%3E
lists	www.lists.apache.org/thread.html/rf44d529c54ef1d0097e813f576a0823a727e1669a9f610d3221d493d@%3Cannounce.apache.org%3E
lists	www.lists.apache.org/thread.html/r0f03ae7e102c3e8587fdd36531fc167309335738156dfbd7d9c1bf45@%3Cdev.jena.apache.org%3E
lists	www.lists.apache.org/thread.html/rce5241b228a1f0e5880f6b2bfdb7ae9ee420e94cb692738a0bbfed9d@%3Cdev.jena.apache.org%3E
github	www.github.com/advisories/GHSA-7rp6-w7mg-h8rw

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

20 Sep 2021 20:22Current

7.5High risk

Vulners AI Score7.5

CVSS25

CVSS37.5

EPSS0.0058

CWE-611