CVE-2020-36640

Name of the Vulnerable Software and Affected Versions bonitasoft bonita-connector-webservice versions up to 1.3.0

Description A problematic issue was found in the software, affecting the TransformerConfigurationException function of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external entity reference.

Recommendations For bonitasoft bonita-connector-webservice versions up to 1.3.0, upgrade to version 1.3.1 to address this issue. As a temporary workaround, consider disabling the TransformerConfigurationException function until the patch is applied. Restrict access to the affected component to minimize the risk of exploitation.