Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:42871
HistoryAug 22, 2023 - 3:03 a.m.

XML Injection

2023-08-2203:03:50
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
vulnerability
xml injection
org.apache.ivy
improper restrictions
sensitive information
crafted xml file
sensitive data

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

EPSS

0.002

Percentile

52.0%

org.apache.ivy:ivy is vulnerable to XML Injection. The vulnerability exists due to improper external DTD XML restrictions. An attacker is able to exploit this vulnerability by parsing a specially crafted XML file, which allows the attacker to access sensitive information, such as passwords or other confidential data.

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

EPSS

0.002

Percentile

52.0%