PT-2019-11655 · Eclipse · Eclipse Kura
Matteo Maiero
·
Publicado
2019-04-09
·
Atualizado
2019-10-09
·
CVE-2019-10244
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Eclipse Kura versions up to 4.0.0
Description:
The issue is related to an improper factory and parser initialization, which could make certain components targets of an XXE attack. The affected components include the Web UI package and component services, the Artemis simple Mqtt component, and the emulator position service.
Recommendations:
For Eclipse Kura versions up to 4.0.0, update to a version later than 4.0.0 to resolve the issue.
Correção
XXE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Eclipse Kura