Dom4j as used by IBM QRadar SIEM contains multiple vulnerabilities
CVEID:CVE-2018-1000632
**DESCRIPTION:**dom4j could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation in multiple methods. By sending a specially-crafted XML content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148750 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID:CVE-2020-10683
**DESCRIPTION:**dom4j could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending specially crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181356 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
7.3
All WindowsDHCPProtocol versions before 7.3.0-QRADAR-PROTOCOL-WindowsDHCPProtocol-7.3-20201007124637
All SmbTailProtocol versions before 7.3.0-QRADAR-PROTOCOL-SmbTailProtocol-7.3-20201007124637
All OracleDatabaseListener versions before 7.3.0-QRADAR-PROTOCOL-OracleDatabaseListener-7.3-20201007124637
All WindowsExchangeProtocol versions before 7.3.0-QRADAR-PROTOCOL-WindowsExchangeProtocol-7.3-20201007124637
All WindowsIISProtocol versions before 7.3.0-QRADAR-PROTOCOL-WindowsIISProtocol-7.3-20201007124637
All EMCVMWareProtocol versions before 7.3.0-QRADAR-PROTOCOL-EMCVMWareProtocol-7.3-20200916171440
7.4
All WindowsDHCPProtocol versions before 7.4.0-QRADAR-PROTOCOL-WindowsDHCPProtocol-7.4-20201007123631
All SmbTailProtocol versions before 7.4.0-QRADAR-PROTOCOL-SmbTailProtocol-7.4-20201007123631
All OracleDatabaseListener versions before 7.4.0-QRADAR-PROTOCOL-OracleDatabaseListener-7.4-2020100712363
All WindowsExchangeProtocol versions before 7.4.0-QRADAR-PROTOCOL-WindowsExchangeProtocol-7.4-2020100712363
All WindowsIISProtocol versions before 7.4.0-QRADAR-PROTOCOL-WindowsIISProtocol-7.4-20201007123631
All EMCVMWareProtocol versions before 7.4.0-QRADAR-PROTOCOL-EMCVMWareProtocol-7.4-20200916171516
7.3
7.3.0-QRADAR-PROTOCOL-WindowsDHCPProtocol-7.3-20201007124637
7.3.0-QRADAR-PROTOCOL-SmbTailProtocol-7.3-20201007124637
7.3.0-QRADAR-PROTOCOL-OracleDatabaseListener-7.3-20201007124637
7.3.0-QRADAR-PROTOCOL-WindowsExchangeProtocol-7.3-20201007124637
7.3.0-QRADAR-PROTOCOL-WindowsIISProtocol-7.3-20201007124637
7.3.0-QRADAR-PROTOCOL-EMCVMWareProtocol-7.3-20200916171440
7.4
7.4.0-QRADAR-PROTOCOL-WindowsDHCPProtocol-7.4-20201007123631
7.4.0-QRADAR-PROTOCOL-SmbTailProtocol-7.4-20201007123631
7.4.0-QRADAR-PROTOCOL-OracleDatabaseListener-7.4-2020100712363
7.4.0-QRADAR-PROTOCOL-WindowsExchangeProtocol-7.4-2020100712363
7.4.0-QRADAR-PROTOCOL-WindowsIISProtocol-7.4-20201007123631
7.4.0-QRADAR-PROTOCOL-EMCVMWareProtocol-7.4-20200916171516
None