Lucene search
Veracode Vulnerability DatabaseVERACODE:36993HistorySep 12, 2022 - 5:15 a.m.
XML External Entity (XXE)
2022-09-1205:15:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
xml external entity
calcite core
sql functions
xmlfunctions.java
security vulnerability
0.002 Low
EPSS
Percentile
57.8%
Calcite Core is vulnerable to XML external entity attacks. A remote attacker is able to read the contents of confidential files through the use of SQL functions such as EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM or EXTRACT_VALUE due to insecure business logic in XmlFunctions.java.
| CPE | Name | Operator | Version |
|---|---|---|---|
| calcite core | le | 1.31.0 | |
| calcite core | le | 1.31.0 |
Related
prion
prion
Xxe
2022-09-11 12:15:00
nvd
nvd
CVE-2022-39135
2022-09-11 12:15:08
osv
osv
CVE-2022-39135
2022-09-11 12:15:08
github
github
cvelist
cvelist
CVE-2022-39135 Apache Calcite: potential XEE attacks
2022-09-11 00:00:00
ibm
ibm
redhatcve
redhatcve
CVE-2022-39135
2022-09-13 19:43:00
cve
cve
CVE-2022-39135
2022-09-11 12:15:08
nessus
nessus
Oracle Essbase (April 2023 CPU)
2023-04-20 00:00:00
IBM Cognos Analytics Multiple Vulnerabilities (6986505)
2023-05-12 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00