CVE-2018-15531
published 2018-09-26

CVE-2018-15531: JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.

Priority P356 | critical | 9.8 CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 27.87% (97.9th percentile)

Affected

34 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| javamelody_project | javamelody | < 1.74.0 | 1.74.0 |
| jenkins | arachni_scanner_plugin | | |
| jenkins | argus_notifier_plugin | | |
| jenkins | artifactory_plugin | | |
| jenkins | chatter_notifier_plugin | | |
| jenkins | config_file_provider_plugin | | |
| jenkins | credentials_plugin | | |
| jenkins | crowd_2_integration_plugin | | |
| jenkins | dimensions_plugin | | |
| jenkins | email_extension_template_plugin | | |
| jenkins | git_changelog_plugin | | |
| jenkins | hipchat_plugin | | |
| jenkins | ids_in_argus_notifier_plugin | | |
| jenkins | ids_in_chatter_notifier_plugin | | |
| jenkins | ids_in_hipchat_plugin | | |
| jenkins | ids_in_mesos_plugin | | |
| jenkins | ids_to_allow_administrators_configuring_the_plugin | | |
| jenkins | ids_to_allow_users_configuring_the_plugin | | |
| jenkins | javamelody_library_bundled_in_monitoring_plugin | | |
| jenkins | jira_plugin | | |
| jenkins | job_config_history_plugin | | |
| jenkins | job_configuration_history_plugin | | |
| jenkins | junit_plugin | | |
| jenkins | mesos_cloud_plugin | | |
| jenkins | mesos_plugin | | |

CVSS provenance

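| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |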