CVE-2014-3530 in JBoss Enterprise

Information

Summary

According to MITRE

The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.


Reserved

14/05/2014

Disclosure

22/07/2014

Moderation

Accepted

Entry

VDB-67176

EPSS

0.02131

KEV

No

Activities

Very low
