Lucene search

K

RedhatCVELIST:CVE-2014-3530

HistoryJul 22, 2014 - 8:00 p.m.

CVE-2014-3530

2014-07-2220:00:00

redhat

www.cve.org

1

7.2 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.2%

The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.

References

rhn.redhat.com/errata/RHSA-2014-0883.html

rhn.redhat.com/errata/RHSA-2014-0884.html

rhn.redhat.com/errata/RHSA-2014-0885.html

rhn.redhat.com/errata/RHSA-2014-0886.html

rhn.redhat.com/errata/RHSA-2015-0091.html

rhn.redhat.com/errata/RHSA-2015-0675.html

rhn.redhat.com/errata/RHSA-2015-0720.html

rhn.redhat.com/errata/RHSA-2015-0765.html

rhn.redhat.com/errata/RHSA-2015-1888.html

secunia.com/advisories/60047

secunia.com/advisories/60124

www.securitytracker.com/id/1030607

exchange.xforce.ibmcloud.com/vulnerabilities/94700

7.2 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.2%

Related for CVELIST:CVE-2014-3530

osv1 cve1 github1 nessus3 veracode1 redhat13 prion1 nvd1