Lucene search
GoogleOSV:CVE-2017-7545HistoryJul 26, 2018 - 3:29 p.m.
CVE-2017-7545
2018-07-2615:29:00
Google
osv.dev
2
It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML eXternal Entity (XXE) attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| jbpm | eq | 2.0 | |
| jbpm | eq | 6.0.0.Alpha1 | |
| jbpm | eq | 2.2.Final | |
| jbpm | eq | 6.0.0.Alpha3 | |
| jbpm | eq | 6.0.0.Alpha4 | |
| jbpm | eq | 6.0.0.Beta1 | |
| jbpm | eq | 6.0.0.Alpha9 | |
| jbpm | eq | b4_uf_0.5.x |
Related
cve
cve
CVE-2017-7545
2018-07-26 15:29:00
redhatcve
redhatcve
CVE-2017-7545
2017-11-30 16:19:37
prion
prion
Xxe
2018-07-26 15:29:00
github
github
XML External Entity Reference in jbpmmigration
2022-05-13 01:36:17
cvelist
cvelist
CVE-2017-7545
2018-07-26 15:00:00
osv
osv
XML External Entity Reference in jbpmmigration
2022-05-13 01:36:17
nvd
nvd
CVE-2017-7545
2018-07-26 15:29:00
redhat
redhat
(RHSA-2017:3355) Moderate: Red Hat JBoss BPM Suite 6.4.7 security update
2017-11-30 16:30:18
(RHSA-2017:3354) Moderate: Red Hat JBoss BRMS 6.4.7 security update
2017-11-30 16:29:58