9.8
CVE-2020-36640
- EPSS 0.76%
- Veröffentlicht 05.01.2023 10:15:09
- Zuletzt bearbeitet 21.11.2024 05:29:58
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
Loginbonitasoft bonita-connector-webservice SecureWSConnector.java TransformerConfigurationException xml external entity reference
A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.1 is able to address this issue. The patch is named a12ad691c05af19e9061d7949b6b828ce48815d5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217443.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bonitasoft ≫ Webservice Connector Version < 1.3.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.76% | 0.505 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 5.5 | 2.1 | 3.4 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 4.9 | 4.4 | 6.4 |
AV:A/AC:M/Au:S/C:P/I:P/A:P
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
https://github.com/bonitasoft/bonita-connector-webservice/commit/a12ad691c05af19e9061d7949b6b828ce48815d5
https://github.com/bonitasoft/bonita-connector-webservice/pull/17
https://github.com/bonitasoft/bonita-connector-webservice/releases/tag/1.3.1
https://vuldb.com/?ctiid.217443
https://vuldb.com/?id.217443