CVE-2017-7545
published 2018-07-26

Severity: medium, 6.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML eXternal Entity (XXE) attacks.

Affected

4 ranges

Vendor | Product | Version range | Fixed in
kie | jbpm-designer | |
redhat | decision_manager | |
redhat | jboss_bpm_suite | |
redhat | jbpm | |