PT-2019-11655 · Eclipse · Eclipse Kura
Matteo Maiero · Published 2019-04-09 · Updated 2019-10-09
CVE-2019-10244
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Eclipse Kura versions up to 4.0.0
Description:
Improper initialization of XML factories and parsers could make certain components targets of an XML External Entity (XXE) attack. The affected components include the Web UI package and component services, the Artemis simple Mqtt component, and the emulator position service.
Recommendations:
For Eclipse Kura versions up to 4.0.0, update to a version later than 4.0.0 to resolve the issue.
Affected Products
Eclipse Kura