Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:45560
HistoryFeb 21, 2024 - 9:30 a.m.

XML External Entity (XXE)

2024-02-2109:30:42
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
xml external entity java2wsddtask sensitive information liferay portal

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

liferay portal vulnerable to XML External Entity (XXE). The vulnerability is due toJava2WsddTask._format method, which allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources.

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

Related for VERACODE:45560