Lucene search

PRIOn knowledge basePRION:CVE-2017-7545

HistoryJul 26, 2018 - 3:29 p.m.

Xxe

2018-07-2615:29:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.5%

JSON

It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML eXternal Entity (XXE) attacks.

CPENameOperatorVersion
decision_managereq7.0
jboss_bpm_suiteeq6.4
jbpmeq6.5

Name	Operator	Version
decision_manager	eq	7.0
jboss_bpm_suite	eq	6.4
jbpm	eq	6.5

References

www.securityfocus.com/bid/102179

access.redhat.com/errata/RHSA-2017:3354

access.redhat.com/errata/RHSA-2017:3355

bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7545

github.com/kiegroup/jbpm-designer/commit/a143f3b92a6a5a527d929d68c02a0c5d914ab81d