7.5
CVE-2018-1000632
- EPSS 1%
- Published 20.08.2018 19:31:31
- Last modified 21.11.2024 03:40:16
- Source cve@mitre.org
dom4j versions prior to version 2.1.1 contain a CWE-91: XML Injection vulnerability in Class: Element, Methods: addElement, addAttribute, that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
Data provided by the National Vulnerability Database (NVD)
Dom4j Project ≫ Dom4j Version >= 2.0.0 < 2.0.3
Dom4j Project ≫ Dom4j Version >= 2.1.0 < 2.1.1
Debian ≫ Debian Linux Version 8.0
Oracle ≫ Flexcube Investor Servicing Version 12.0.4
Oracle ≫ Flexcube Investor Servicing Version 12.1.0
Oracle ≫ Flexcube Investor Servicing Version 12.3.0
Oracle ≫ Flexcube Investor Servicing Version 12.4.0
Oracle ≫ Flexcube Investor Servicing Version 14.0.0
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 16.1.0.0 <= 16.2.20.1
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 17.1.0.0 <= 17.12.17.1
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 18.1.0.0 <= 18.8.19.0
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 19.12.0.0 <= 19.12.6.0
Oracle ≫ Rapid Planning Version 12.1
Oracle ≫ Rapid Planning Version 12.2
Oracle ≫ Retail Integration Bus Version 15.0
Oracle ≫ Retail Integration Bus Version 16.0
Oracle ≫ Utilities Framework Version >= 4.3.0.2.0 <= 4.3.0.6.0
Oracle ≫ Utilities Framework Version 2.2.0
Oracle ≫ Utilities Framework Version 4.2.0.2.0
Oracle ≫ Utilities Framework Version 4.2.0.3.0
Oracle ≫ Utilities Framework Version 4.4.0.0.0
Oracle ≫ Utilities Framework Version 4.4.0.2
Redhat ≫ Satellite Capsule Version 6.6
Redhat ≫ Jboss Enterprise Application Platform Version 6.0.0
Redhat ≫ Jboss Enterprise Application Platform Version 6.4.0
Redhat ≫ Jboss Enterprise Application Platform Version 7.1.0
Netapp ≫ Oncommand Workflow Automation Version -
Netapp ≫ Snap Creator Framework Version -
Netapp ≫ Snapcenter Version -
Netapp ≫ Snapmanager Version - SwPlatform oracle
Netapp ≫ Snapmanager Version - SwPlatform sap
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 1% | 0.76 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:N/I:P/A:N |
CWE-91 XML Injection (aka Blind XPath Injection)
The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.