CVE-2017-8315

{"id": "CVE-2017-8315", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-04-20T19:29:00.503", "references": [{"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=519169", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cve@checkpoint.com"}, {"url": "https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "cve@checkpoint.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml."}, {"lang": "es", "value": "El analizador Eclipse XML para Eclipse IDE, en versiones 2017.2.5 y anteriores, es vulnerable a un ataque de XML External Entity. Un atacante puede explotar la vulnerabilidad implementando c\u00f3digo malicioso en Androidmanifest.xml."}], "lastModified": "2018-05-22T15:33:42.163", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:ide:2017.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB13CB7E-DE2D-41BC-944E-52AABD13A953"}], "operator": "OR"}]}], "sourceIdentifier": "cve@checkpoint.com"}