5.2 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:S/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
54.2%
A vulnerability classified as problematic was found in iText RUPS. This
vulnerability affects unknown code of the file
src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads
to xml external entity reference. The patch is identified as
ac5590925874ef810018a6b60fec216eee54fb32. It is recommended to apply a
patch to fix this issue. VDB-217054 is the identifier assigned to this
vulnerability.
Author | Note |
---|---|
eslerm | CVE assigned nearly three years after project was archived CVE possibly assigned based on five year old commit message |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | libitext-java | < any | UNKNOWN |
ubuntu | 20.04 | noarch | libitext-java | < any | UNKNOWN |
ubuntu | 22.04 | noarch | libitext-java | < any | UNKNOWN |
ubuntu | 23.10 | noarch | libitext-java | < any | UNKNOWN |
ubuntu | 24.04 | noarch | libitext-java | < any | UNKNOWN |
ubuntu | 16.04 | noarch | libitext-java | < any | UNKNOWN |
5.2 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:S/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
54.2%