CVE-2014-8125

EPSS 0.96%
Published 21.04.2015 17:59:02
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Drools Version <= 6.1.0

Redhat ≫ Jbpm Version <= 6.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.96%	0.755

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://rhn.redhat.com/errata/RHSA-2015-0850.html

http://rhn.redhat.com/errata/RHSA-2015-0851.html

https://bugzilla.redhat.com/show_bug.cgi?id=1169553

https://github.com/droolsjbpm/drools/commit/c48464c3b246e6ef0d4cd0dbf67e83ccd532c6d3

https://github.com/droolsjbpm/jbpm/commit/713e8073ecf45623cfc5c918c5cbf700203f46e5

https://nvd.nist.gov/vuln/detail/CVE-2014-8125

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-8125

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-8125

EUVD