PT-2020-5503 · Mpxj · Mpxj

Published 2020-08-29 · Updated 2022-09-02 · CVE-2020-25020

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

MPXJ versions 8.1.3 and earlier

Description

The issue is related to the incorrect restriction of XML external entity references in the GanttProjectReader and PhoenixReader components of the MPXJ library. This can allow a remote attacker to conduct XXE attacks.

Recommendations

For MPXJ versions 8.1.3 and earlier, consider disabling the GanttProjectReader and PhoenixReader components until a patch is available to prevent XXE attacks. Restrict access to these components to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Weakness Enumeration

Related Identifiers

BDU:2021-00923
CVE-2020-25020
GHSA-WCP5-M52F-MHH5

Affected Products

Mpxj