4 matches found
ae.teletronics.nlp:entityextraction (=1.3), at.researchstudio.sat:won-matcher-rescal (>=0.3 <=0.6) +542 more potentially affected by CVE-2017-12620 via org.apache.opennlp:opennlp-tools (>=1.5.2-incubating <=1.8.1)
org.apache.opennlp:opennlp-tools MAVEN version =1.5.2-incubating, =0.3, =0.2, =3.6.1, =3.11.0, =2.0.0, =2.0.0, =1.1, =0.3, =0.2, =0.6, =0.8 - com.blazemeter:jmeter-plugins-rotating-listener =0.2 - com.centit.support:centit-es-client =0.1.1806 and more Source cves: CVE-2017-12620 Source advisory:...
Security Bulletin: IBM Cognos Analytics with Watson 11.2.1 has addressed multiple vulnerabilities
Summary Security vulnerabilities have been addressed in IBM Cognos Analytics with Watson 11.2.1 Vulnerability Details CVEID: CVE-2017-12620 DESCRIPTION: Apache OpenNLP could allow a remote attacker to obtain sensitive information, caused by an XXE attack when loading models or dictionaries that...
Apache OpenNLP XXE Vulnerability
Exploit for multiple platform in category remote exploits CVE-2017-12620 - Apache OpenNLP XXE vulnerability Severity: Medium Vendor: The Apache Software Foundation Versions Affected: OpenNLP 1.5.0 to 1.5.3 OpenNLP 1.6.0 OpenNLP 1.7.0 to 1.7.2 OpenNLP 1.8.0 to 1.8.1 Description: When loading model...
CVE-2017-12620
When loading models or dictionaries that contain XML it is possible to perform an XXE attack, since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1.7.0 to 1.7.2, 1.8.0 to 1.8.1 of Apache...