4 matches found
com.geeoz.atom:atom-api (>=1.0d12 <=1.0d31), com.geeoz.atom:atom-kie (=1.0d31) +36 more potentially affected by CVE-2014-8125 via org.jbpm:jbpm-bpmn2 (>=5.1.0.Final <=6.2.0.CR4)
org.jbpm:jbpm-bpmn2 MAVEN version =5.1.0.Final, =1.0d12, =1.0d30, =1.0d18, =1.0d12, =1.0d12, =0.2, =1.1.0.17-1, =0.5.0, =0.5.0, =0.5.4 and more Source cves: CVE-2014-8125 Source advisory: OSV:GHSA-6QX9-RF9G-7JMR...
Security Bulletin: XXE Vulnerability in Drools Affects IBM Sterling B2B Integrator (CVE-2014-8125)
Summary IBM Sterling B2B Integrator has addressed the security vulnerability. Vulnerability Details CVEID: CVE-2014-8125 DESCRIPTION: Drools and jBPM could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection XXE error within the jBPM runtime. By...
CVE-2014-8125
XML external entity XXE vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file...
CVE-2014-8125
CVE-2014-8125 is an XXE vulnerability in Drools and jBPM that, before version 6.2.0, allows remote attackers to read arbitrary files via a crafted BPMN2 file. Affected: Drools/jBPM runtimes; root cause: XML External Entity processing in BPMN2 handling. Impact per sources: potential file disclosur...