ROSA LABROSA-SA-2024-2454Advisory ROSA-SA-2024-2454
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
79.9%
software: dom4j 2.0.3
AXIS: ROSA-CHROME
package_evr_string: dom4j-2.0.3-1
CVE-ID: CVE-2018-1000632
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: The dom4j version contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute, which could lead to an attacker forging XML documents via XML Injection. This attack can apparently be used by an attacker specifying attributes or elements in an XML document.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update dom4j
CVE-ID: CVE-2020-10683
BDU-ID: 2020-04038
CVE-Crit: CRITICAL.
CVE-DESC.: An implementation vulnerability in the new org.dom4j.io.SAXReader() function of the dom4j XML, XPath, and XSLT library is related to incorrectly restricting XML references to external objects. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update dom4j
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
79.9%