PT-2015-4010 · Red Hat · Jbpm+1
Mswiderski
·
Publicado
2015-04-21
·
Atualizado
2022-05-17
·
CVE-2014-8125
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Drools and jBPM versions prior to 6.2.0
Description
The issue is related to an XML external entity (XXE) vulnerability. This vulnerability allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.
Recommendations
For versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Drools
Jbpm