CVE-2014-0170

CWE-611 — XML External Entity (XXE)5 documents5 sources

Severity

4.3MEDIUM

EPSS

0.5%

top 32.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jboss Teiid Redhat Jboss Data Virtualization

Timeline

PublishedSep 30

Latest updateMay 17

Description

Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDredhat/jboss_data_virtualization6.0.0

▶NVDjboss/teiid8.6+1

Patches

Patch: issues.jboss.org ↗Patch: issues.jboss.org ↗

🔴Vulnerability Details

GHSA

GHSA-4ffv-mqcc-vgr9: Teiid before 8↗2022-05-17

▶

CVEList

CVE-2014-0170: Teiid before 8↗2014-09-30

▶

📋Vendor Advisories

Red Hat

Teiid: XML eXternal Entity (XXE) flaw in SQL/XML parsing↗2014-09-23

▶

💬Community

Bugzilla

CVE-2014-0170 Teiid: XML eXternal Entity (XXE) flaw in SQL/XML parsing↗2014-04-08

▶