CVE-2019-0228
published 2019-04-17CVE-2019-0228: Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
Affected
34 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | james | — | — |
| apache | james | — | — |
| apache | pdfbox | — | — |
| apache | tika | — | — |
| debian | libpdfbox-java | — | — |
| debian | libpdfbox2-java | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| oracle | banking_corporate_lending_process_management | — | — |
| oracle | banking_corporate_lending_process_management | — | — |
| oracle | banking_corporate_lending_process_management | — | — |
| oracle | banking_credit_facilities_process_management | — | — |
| oracle | banking_credit_facilities_process_management | — | — |
| oracle | banking_credit_facilities_process_management | — | — |
| oracle | banking_supply_chain_finance | — | — |
| oracle | banking_supply_chain_finance | — | — |
| oracle | banking_supply_chain_finance | — | — |
| oracle | banking_trade_finance_process_management | — | — |
| oracle | banking_trade_finance_process_management | — | — |
| oracle | banking_trade_finance_process_management | — | — |
| oracle | banking_virtual_account_management | — | — |
| oracle | banking_virtual_account_management | — | — |
| oracle | banking_virtual_account_management | — | — |
| oracle | communications_messaging_server | — | — |
| oracle | communications_session_report_manager | 8.0.0.0 – 8.2.4.0 | — |