PT-2018-8405 · Jbpm · Jbpmmigration

Published: 2018-07-26 · Updated: 2022-05-13 · CVE-2017-7545

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: jbpmmigration version 6.5

Description: The XmlUtils class in jbpmmigration performs expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML eXternal Entity (XXE) attacks.

Recommendations: For jbpmmigration version 6.5, consider removing or restricting the use of the XmlUtils class until a patch is available. As a temporary workaround, avoid parsing untrusted XML files to minimize the risk of exploitation.

Fix

XXE


Weakness Enumeration

Related Identifiers

CVE-2017-7545
GHSA-VC3X-72Q4-G3P5

Affected Products

Jbpmmigration