CVE-2015-1818 — XML External Entity (XXE) Injection in Red Hat JBoss BPM Suite

Severity: 7.5 HIGH (NVD)
EPSS: 0.5% (top 32.46%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 11
Latest update: May 14

Description

XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and have other unspecified impact via a crafted XML document.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages: 1 package

NVD: redhat/jboss_bpm_suite 6.1.0

🔴 Vulnerability Details (2)

GHSA, 2022-05-14: GHSA-c64m-pjpp-mqqj: XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org
CVEList, 2015-08-11: CVE-2015-1818: XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org

📋 Vendor Advisories (1)

Red Hat, 2015-03-13: dashbuilder: XXE/SSRF vulnerability

💬 Community (1)

Bugzilla, 2015-03-13: CVE-2015-1818 dashbuilder: XXE/SSRF vulnerability