Severity
5.0 MEDIUM
EPSS
0.4%
top 38.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 19
Latest update: May 14

Description

Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 1 package

🔴Vulnerability Details

3
GHSA
Several Zend Products Vulnerable to XXE and XEE attacks (2022-05-14)
GHSA
GHSA-24fh-vxfp-5g6v: Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2 (2022-05-13)
CVEList
CVE-2012-2682: Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2 (2014-07-19)

📋Vendor Advisories

1
Red Hat
cumin: DoS via displayed link names containing non-ASCII characters (2014-07-09)

💬Community

1
Bugzilla
CVE-2012-2682 cumin: DoS via displayed link names containing non-ASCII characters (2012-06-08)
CVE-2012-2682 (MEDIUM CVSS 5) | Cumin (aka MRG Management Console) | cvebase.io