CVE-2017-7545

CWE-611 — XML External Entity (XXE)6 documents6 sources

Severity

6.5MEDIUM

EPSS

0.8%

top 26.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

4

KIE Jbpm-designer Redhat Decision Manager Redhat Jboss BPM Suite +1 more

Timeline

PublishedJul 26

Latest updateMay 13

Description

It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML eXternal Entity (XXE) attacks.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶Mavenorg.jbpm.jbpm5:jbpmmigration0.15

▶NVDredhat/jbpm6.5

▶CVEListV5kie/jbpm-designer6.5

▶NVDredhat/jboss_bpm_suite6.4

▶NVDredhat/decision_manager7.0

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

3

GHSA

XML External Entity Reference in jbpmmigration↗2022-05-13

▶

OSV

XML External Entity Reference in jbpmmigration↗2022-05-13

▶

CVEList

CVE-2017-7545: It was discovered that the XmlUtils class in jbpmmigration 6↗2018-07-26

▶

📋Vendor Advisories

1

Red Hat

jbpmmigration: XXE vulnerability in XmlUtils↗2017-11-30

▶

💬Community

1

Bugzilla

CVE-2017-7545 jbpmmigration: XXE vulnerability in XmlUtils↗2017-07-25

▶

CVE-2017-7545 (MEDIUM CVSS 6.5) | It was discovered that the XmlUtils | cvebase.io