CVE-2017-7545

It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML eXternal Entity (XXE) attacks.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_bpm_suite:6.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jbpm:6.5:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-07-26 15:29

Updated : 2023-12-10 12:44


NVD link : CVE-2017-7545

Mitre link : CVE-2017-7545

CVE.ORG link : CVE-2017-7545


JSON object : View

Products Affected

redhat

  • decision_manager
  • jbpm
  • jboss_bpm_suite
CWE
CWE-611

Improper Restriction of XML External Entity Reference