PT-2017-16867 · Eparakstitajs · Eparakstitajs+1

Oskars Veģeris

Published

2017-02-17

Updated

2017-03-16

CVE-2017-6055

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions eParakstitajs versions prior to 1.3.9 eParaksts Java lib versions prior to 2.5.13

Description The issue allows remote attackers to read arbitrary files or possibly have unspecified other impact via a crafted edoc file. This is due to an XML external entity (XXE) vulnerability.

Recommendations For eParakstitajs versions prior to 1.3.9, update to version 1.3.9 or later. For eParaksts Java lib versions prior to 2.5.13, update to version 2.5.13 or later.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2017-6055

Affected Products

Eparakstitajs

Eparaksts Java Lib

PT-2017-16867 · Eparakstitajs · Eparakstitajs+1

CVE-2017-6055

Weakness Enumeration

Related Identifiers

Affected Products

References · 4