9.8
CVE-2020-10683
- EPSS 1.96%
- Published 01.05.2020 19:15:12
- Last modified 21.11.2024 04:55:50
- Source cve@mitre.org
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
Data provided by the National Vulnerability Database (NVD)
Dom4j Project ≫ Dom4j Version < 2.0.3
Dom4j Project ≫ Dom4j Version >= 2.1.0 < 2.1.3
Oracle ≫ Application Testing Suite Version 13.3.0.1
Oracle ≫ Banking Platform Version >= 2.4.0 <= 2.10.0
Oracle ≫ Business Process Management Suite Version 12.2.1.3.0
Oracle ≫ Business Process Management Suite Version 12.2.1.4.0
Oracle ≫ Communications Application Session Controller Version 3.9m0p1
Oracle ≫ Communications Diameter Signaling Router Version >= 8.0.0 <= 8.2.2
Oracle ≫ Communications Unified Inventory Management Version 7.3.0
Oracle ≫ Communications Unified Inventory Management Version 7.4.0
Oracle ≫ Data Integrator Version 12.2.1.3.0
Oracle ≫ Data Integrator Version 12.2.1.4.0
Oracle ≫ Endeca Information Discovery Integrator Version 3.2.0
Oracle ≫ Enterprise Data Quality Version 11.1.1.9.0
Oracle ≫ Enterprise Data Quality Version 12.2.1.3.0
Oracle ≫ Enterprise Manager Base Platform Version 13.4.0.0
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 8.0.6 <= 8.1.0
Oracle ≫ Flexcube Core Banking Version 11.7.0
Oracle ≫ Flexcube Core Banking Version 11.8.0
Oracle ≫ Flexcube Core Banking Version 11.9.0
Oracle ≫ Flexcube Core Banking Version 11.10.0
Oracle ≫ Fusion Middleware Version 12.2.1.4.0
Oracle ≫ Health Sciences Empirica Signal Version 9.0
Oracle ≫ Health Sciences Information Manager Version 3.0.1
Oracle ≫ Insurance Policy Administration J2ee Version >= 11.1.0 <= 11.3.0
Oracle ≫ Insurance Policy Administration J2ee Version 10.2.0
Oracle ≫ Insurance Policy Administration J2ee Version 10.2.4
Oracle ≫ Insurance Policy Administration J2ee Version 11.0.2
Oracle ≫ Insurance Rules Palette Version >= 11.1.0 <= 11.3.0
Oracle ≫ Insurance Rules Palette Version 10.2.0
Oracle ≫ Insurance Rules Palette Version 10.2.4
Oracle ≫ Insurance Rules Palette Version 11.0.2
Oracle ≫ Jdeveloper Version 12.2.1.4.0
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 16.1.0.0 <= 16.2.20.1
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 17.1.0.0 <= 17.12.17.1
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 18.1.0.0 <= 18.8.19.0
Oracle ≫ Primavera P6 Enterprise Project Portfolio Management Version >= 19.12.0.0 <= 19.12.6.0
Oracle ≫ Rapid Planning Version 12.1
Oracle ≫ Rapid Planning Version 12.2
Oracle ≫ Retail Customer Management And Segmentation Foundation Version 16.0
Oracle ≫ Retail Customer Management And Segmentation Foundation Version 17.0
Oracle ≫ Retail Customer Management And Segmentation Foundation Version 18.0
Oracle ≫ Retail Customer Management And Segmentation Foundation Version 19.0
Oracle ≫ Retail Integration Bus Version 15.0
Oracle ≫ Retail Integration Bus Version 16.0
Oracle ≫ Retail Order Broker Version 15.0
Oracle ≫ Retail Order Broker Version 16.0
Oracle ≫ Retail Order Broker Version 18.0
Oracle ≫ Retail Order Broker Version 19.0
Oracle ≫ Retail Order Broker Version 19.1
Oracle ≫ Retail Price Management Version 14.0.3
Oracle ≫ Retail Price Management Version 14.1.3.0
Oracle ≫ Retail Price Management Version 15.0.3.0
Oracle ≫ Retail Price Management Version 16.0.3.0
Oracle ≫ Retail Xstore Point Of Service Version 15.0.4
Oracle ≫ Retail Xstore Point Of Service Version 16.0.6
Oracle ≫ Retail Xstore Point Of Service Version 17.0.4
Oracle ≫ Retail Xstore Point Of Service Version 18.0.3
Oracle ≫ Storagetek Tape Analytics Sw Tool Version 2.3
Oracle ≫ Utilities Framework Version >= 4.3.0.1.0 <= 4.3.0.6.0
Oracle ≫ Utilities Framework Version 2.2.0.0.0
Oracle ≫ Utilities Framework Version 4.2.0.2.0
Oracle ≫ Utilities Framework Version 4.2.0.3.0
Oracle ≫ Utilities Framework Version 4.4.0.0.0
Oracle ≫ Utilities Framework Version 4.4.0.2.0
Oracle ≫ Webcenter Portal Version 11.1.1.9.0
Oracle ≫ Webcenter Portal Version 12.2.1.3.0
Oracle ≫ Webcenter Portal Version 12.2.1.4.0
Netapp ≫ Oncommand Api Services Version -
Netapp ≫ Oncommand Workflow Automation Version -
Netapp ≫ Snap Creator Framework Version -
Netapp ≫ Snapcenter Version -
Netapp ≫ Snapmanager Version - SwPlatform oracle
Netapp ≫ Snapmanager Version - SwPlatform sap
Canonical ≫ Ubuntu Linux Version 16.04 SwEdition esm
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 1.96% | 0.829 |

Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.