Lucene search

PRIOn knowledge basePRION:CVE-2019-9628

HistoryApr 11, 2019 - 8:29 p.m.

Design/Logic Flaw

2019-04-1120:29:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.4%

JSON

The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq14.04
ubuntu_linuxeq18.04
ubuntu_linuxeq18.10
leapeq42.3
leapeq15.0
xmltoolinglt3.0.4

Name	Operator	Version
ubuntu_linux	eq	16.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	18.04
ubuntu_linux	eq	18.10
leap	eq	42.3
leap	eq	15.0
xmltooling	lt	3.0.4

References

lists.opensuse.org/opensuse-security-announce/2019-04/msg00079.html

lists.opensuse.org/opensuse-security-announce/2019-04/msg00095.html

bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1819912

security.netapp.com/advisory/ntap-20190611-0003/

shibboleth.net/community/advisories/secadv_20190311.txt

usn.ubuntu.com/3921-1/

wiki.shibboleth.net/confluence/display/SP3/SecurityAdvisories