7.5

CVE-2019-9628

The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Xmltooling ProjectXmltooling Version < 3.0.4
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
OpensuseLeap Version15.0
OpensuseLeap Version42.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.05% 0.788
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00079.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00095.html
Third Party Advisory
Mailing List
https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1819912
Third Party Advisory
Issue Tracking
https://security.netapp.com/advisory/ntap-20190611-0003/
Third Party Advisory
https://shibboleth.net/community/advisories/secadv_20190311.txt
Third Party Advisory
https://usn.ubuntu.com/3921-1/
Third Party Advisory
https://wiki.shibboleth.net/confluence/display/SP3/SecurityAdvisories
Third Party Advisory