Apache PDFBox could allow a remote authenticated attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service.
CVEID: CVE-2016-2175 DESCRIPTION: Apache PDFBox could allow a remote authenticated attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113548 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S)
IBM eDiscovery Analyzer 2.2.2
Product
| VRM|Remediation
—|—|—
IBM eDiscovery Analyzer 2.2.2| 2.2.2| Use IBM eDiscovery Analyzer 2.2.2 Interim Fix 0004
NA
CPE | Name | Operator | Version |
---|---|---|---|
ediscovery analyzer | eq | 2.2.2 |