CVE-2018-1000632

CWE-91 CWE-8812 documents9 sources

Severity

7.5HIGH

EPSS

1.6%

top 18.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dom4j Project Dom4j Oracle Primavera P6 Enterprise Project Portfolio Management Oracle Utilities Framework +7 more

Timeline

PublishedAug 20

Latest updateNov 5

Description

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages13 packages

▶Mavenorg.dom4j:dom4j2.1.0 — 2.1.1+1

▶NVDdom4j_project/dom4j2.0.0 — 2.0.3+1

▶Debiandom4j< 2.1.1-1+3

▶Ubuntudom4j< 1.6.1+dfsg.3-2ubuntu1.2

▶Mavendom4j:dom4j1.6.1

Also affects: Debian Linux 8.0

Patches

Patch: github.com ↗Patch: www.oracle.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

dom4j vulnerability↗2020-11-05

▶

OSV

Dom4j contains a XML Injection vulnerability↗2018-10-16

▶

GHSA

Dom4j contains a XML Injection vulnerability↗2018-10-16

▶

OSV

CVE-2018-1000632: dom4j version prior to version 2↗2018-08-20

▶

CVEList

CVE-2018-1000632: dom4j version prior to version 2↗2018-08-20

▶

📋Vendor Advisories

Ubuntu

dom4j vulnerability↗2020-11-05

▶

Oracle

Oracle Oracle Utilities Applications Risk Matrix: Common (Dom4J) — CVE-2018-1000632↗2020-04-15

▶

Red Hat

dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents↗2018-07-01

▶

Debian

CVE-2018-1000632: dom4j - dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerabil...↗2018

▶

💬Community

Bugzilla

CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents↗2018-08-23

▶

Bugzilla

CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents [fedora-all]↗2018-08-23

▶