Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:22175
HistoryDec 16, 2019 - 6:30 a.m.

XML External Entity (XXE)

2019-12-1606:30:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10

0.002 Low

EPSS

Percentile

53.4%

JSON

jersey-core is vulnerable to XML external entity attacks. The external parameter entities were not disabled by the jersey SAX parser, allowing a remote attacker to exploit the vulnerability to read files accessible to the user running the application server, and potentially perform recursive entity expansion and send requests on behalf of the server.

Related

nvd 1
cve 1
prion 1
cvelist 1
ibm 5
nvd
nvd
CVE-2014-3643
2019-12-15 22:15:11
cve
cve
CVE-2014-3643
2019-12-15 22:15:11
prion
prion
Design/Logic Flaw
2019-12-15 22:15:00
cvelist
cvelist
CVE-2014-3643
2019-12-15 21:12:24
ibm
ibm
Security Bulletin: Vulnerability in jersey affect Apache Zookeeper shipped with IBM Operations Analytics - Log Analysis (CVE-2014-3643)
2021-04-20 06:19:28
Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities.
2024-06-17 14:48:39
Security Bulletin: Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform
2023-02-17 15:44:51

0.002 Low

EPSS

Percentile

53.4%

JSON
Related for VERACODE:22175
nvd1cve1prion1cvelist1ibm5