7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
dom4j is vulnerable to XML External Entity (XXE) attacks. The library does not properly validate the attributes that can be inserted by the user, allowing a malicious user to conduct an XXE attack.
access.redhat.com/errata/RHSA-2019:0362
access.redhat.com/errata/RHSA-2019:0364
access.redhat.com/errata/RHSA-2019:0365
access.redhat.com/errata/RHSA-2019:0380
access.redhat.com/errata/RHSA-2019:1159
access.redhat.com/errata/RHSA-2019:1160
access.redhat.com/errata/RHSA-2019:1161
access.redhat.com/errata/RHSA-2019:1162
access.redhat.com/errata/RHSA-2019:3172
github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387
github.com/dom4j/dom4j/issues/48
ihacktoprotect.com/post/dom4j-xml-injection/
lists.apache.org/thread.html/00571f362a7a2470fba50a31282c65637c40d2e21ebe6ee535a4ed74@%3Ccommits.maven.apache.org%3E
lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768@%3Cdev.maven.apache.org%3E
lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc@%3Ccommits.maven.apache.org%3E
lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458@%3Cdev.maven.apache.org%3E
lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce@%3Cdev.maven.apache.org%3E
lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0@%3Ccommits.maven.apache.org%3E
lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f@%3Cdev.maven.apache.org%3E
lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3Cnotifications.freemarker.apache.org%3E
lists.debian.org/debian-lts-announce/2018/09/msg00028.html
lists.fedoraproject.org/archives/list/[email protected]/message/IOOVVCRQE6ATFD2JM2EMDXOQXTRIVZGP/
lists.fedoraproject.org/archives/list/[email protected]/message/KJULAHVR3I5SX7OSMXAG75IMNSAYOXGA/
security.netapp.com/advisory/ntap-20190530-0001/
www.oracle.com/security-alerts/cpuapr2020.html
www.oracle.com/security-alerts/cpuApr2021.html
www.oracle.com/security-alerts/cpujul2020.html
www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N