Lucene search
HistoryApr 21, 2015 - 5:59 p.m.
CVE-2014-8125
cve-2014-8125
xxe vulnerability
drools
jbpm
bpmn2 file
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.1 High
AI Score
Confidence
Low
0.013 Low
EPSS
Percentile
86.0%
XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.
Affected configurations
Node
redhatdroolsRange≤6.1.0
ORredhatjbpmRange≤6.1.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| redhat:drools | redhat drools | le | 6.1.0 |
| redhat:jbpm | redhat jbpm | le | 6.1.0 |
Related
osv
osv
Improper Input Validation in Drools and jBPM
2022-05-17 04:12:57
ibm
ibm
prion
prion
Xxe
2015-04-21 17:59:00
nvd
nvd
CVE-2014-8125
2015-04-21 17:59:02
github
github
Improper Input Validation in Drools and jBPM
2022-05-17 04:12:57
cvelist
cvelist
CVE-2014-8125
2015-04-21 17:00:00
redhat
redhat
(RHSA-2015:0850) Important: Red Hat JBoss BRMS 6.1.0 update
2015-04-16 16:00:56
(RHSA-2015:0851) Important: Red Hat JBoss BPM Suite 6.1.0 update
2015-04-16 16:01:23
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.1 High
AI Score
Confidence
Low
0.013 Low
EPSS
Percentile
86.0%
Related for CVE-2014-8125