6.5
CVE-2012-0037
- EPSS 0.53%
- Veröffentlicht 17.06.2012 03:41:40
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Libreoffice ≫ Libreoffice Version < 3.4.6
Libreoffice ≫ Libreoffice Version3.5.0
Apache ≫ Openoffice Version3.3.0
Apache ≫ Openoffice Version3.4.0 Updatebeta
Fedoraproject ≫ Fedora Version16
Fedoraproject ≫ Fedora Version17
Redhat ≫ Gluster Storage Server For On-premise Version2.0
Redhat ≫ Storage For Public Cloud Version2.0
Redhat ≫ Enterprise Linux Desktop Version5.0
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Eus Version6.2
Redhat ≫ Enterprise Linux Server Version5.0
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Server Aus Version6.2
Redhat ≫ Enterprise Linux Workstation Version5.0
Redhat ≫ Enterprise Linux Workstation Version6.0
Debian ≫ Debian Linux Version6.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.663 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.