
7 matches found

F5 Networks
added 2023/02/21 6:07 p.m. | 46 views

K02349370: dom4j library vulnerability CVE-2020-10683

Security Advisory Description: dom4j before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. CVE-2020-106...

CVSS 9.8 | AI score 6.8 | EPSS 0.0696
Exploits: 0

IBM Security Bulletins
added 2022/07/07 5:43 p.m. | 43 views

Security Bulletin: IBM Security Verify Information Queue uses a dom4j version with improper XXE restrictions (CVE-2020-10683)

Summary: The products image in IBM Security Verify Information Queue (ISIQ) v10.0.2 uses an older version of the dom4j library that does not properly safeguard against XML External Entity (XXE) attacks. ISIQ v10.0.3 has upgraded its products image to include a newer dom4j level that remediates the...

CVSS 9.8 | AI score 1.5 | EPSS 0.0696
Exploits: 0 | Affected Software: 1

OSV
added 2021/01/17 4:07 p.m. | 7 views

MGASA-2021-0034 Updated dom4j packages fix a security vulnerability

A flaw was found in the dom4j library. By using the default SaxReader provided by Dom4J, external DTDs and External Entities are allowed, resulting in a possible XXE CVE-2020-10683...

CVSS 9.8 | AI score 9.3 | EPSS 0.0696
Exploits: 0 | References: 3

BDU FSTEC
added 2020/08/26 12:00 a.m. | 2 views

The vulnerability in the implementation of the new org.dom4j.io.SAXReader() function of the library for working with XML, XPath, and XSLT in dom4j allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the new org.dom4j.io.SAXReader method in the library for working with XML, XPath, and XSLT is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to...

CVSS 10 | AI score 6.7 | EPSS 0.0696
Exploits: 0 | References: 14 | Affected Software: 32

RedHat Linux
added 2020/08/18 4:34 p.m. | 0 views

dom4j: XML External Entity vulnerability in default SAX parser

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j...

CVSS 9.8 | AI score 7.2 | EPSS 0.0696
Exploits: 0 | References: 4

Tenable Nessus
added 2020/05/01 12:00 a.m. | 36 views

Debian DLA-2191-1 : dom4j security update

A flaw was found in dom4j library. By using the default SaxReader provided by Dom4J, external DTDs and External Entities are allowed, resulting in a possible XXE. For Debian 8 'Jessie', this problem has been fixed in version 1.6.1+dfsg.3-2+deb8u2. We recommend that you upgrade your dom4j packages...

CVSS 9.8 | AI score 6.5 | EPSS 0.0696
Exploits: 0 | References: 3

RedHat Linux
added 2019/05/08 8:05 p.m. | 0 views

dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or...

CVSS 7.5 | AI score 7.2 | EPSS 0.01611
Exploits: 1 | References: 4