7.8

CVE-2017-8316

Exploit
IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JetBrainsIntelliJ IDEA Version < 2017.2.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.26% 0.807
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:C/I:N/A:N
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/
Third Party Advisory
Exploit
http://git.jetbrains.org/?p=idea/adt-tools-base.git%3Ba=commit%3Bh=a778b2b88515513654e002cd51cbe8eb8226e96b
https://youtrack.jetbrains.com/issue/IDEA-175381
Broken Link