Vulnerability Details : CVE-2014-3530
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, returns a DocumentBuilderFactory that expands entity references. A remote attacker who can submit XML to the affected component (PicketLink handles SAML and other security-token XML) can declare an external entity in a DOCTYPE and have the parser resolve it, which allows reading arbitrary files from the server and possibly other unspecified impact via unspecified vectors. This is an XML External Entity (XXE) issue.
Vulnerability categories: XML external entity (XXE) injection; information leak
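The following is an added illustration of the vulnerable pattern and its hardened counterpart; it is not PicketLink's code and does not reproduce the vendor fix. It builds a DocumentBuilderFactory two ways: with entity expansion left at the JDK default (the behaviour the advisory describes) and with DOCTYPE declarations and external entities disabled. The XML payload is constructed for the example; the file path it references (/etc/hostname) is an assumption and only exists on typical Linux hosts, so the "unsafe" branch prints that file's contents there and an I/O error elsewhere, while the hardened branch rejects the document before any entity is resolved.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class XxeFactoryDemo {

    // Constructed sample payload: a SAML-shaped message whose DOCTYPE declares an
    // external entity. The path is an assumption for the demo, not from the advisory.
    static final String PAYLOAD =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE Response [\n" +
        "  <!ENTITY xxe SYSTEM \"file:///etc/hostname\">\n" +
        "]>\n" +
        "<Response><Issuer>&xxe;</Issuer></Response>";

    // Mirrors the vulnerable pattern: a default factory with entity expansion enabled.
    // setExpandEntityReferences(true) is already the JDK default; it is spelled out here
    // so the difference from the hardened factory is visible.
    static DocumentBuilderFactory unsafeFactory() {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setExpandEntityReferences(true);
        return f;
    }

    // Hardened factory. Refusing the DOCTYPE outright is the control that actually stops
    // XXE; the remaining features are defence in depth for parsers that ignore the first.
    static DocumentBuilderFactory safeFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Parses the document with the given factory and returns the Issuer text, i.e. what
    // the entity reference resolved to.
    static String parseIssuer(DocumentBuilderFactory f, String xml) throws Exception {
        DocumentBuilder b = f.newDocumentBuilder();
        Document d = b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        return d.getElementsByTagName("Issuer").item(0).getTextContent();
    }

    public static void main(String[] args) throws Exception {
        try {
            // On a Linux host this prints the contents of /etc/hostname.
            System.out.println("unsafe factory: Issuer = " + parseIssuer(unsafeFactory(), PAYLOAD));
        } catch (Exception e) {
            System.out.println("unsafe factory: entity resolution attempted, failed with " + e);
        }
        try {
            System.out.println("safe factory: Issuer = " + parseIssuer(safeFactory(), PAYLOAD));
        } catch (SAXException e) {
            // disallow-doctype-decl makes the parser fail on the DOCTYPE before any entity is fetched.
            System.out.println("safe factory: rejected document: " + e.getMessage());
        }
    }
}
```

Note that setExpandEntityReferences(false) on its own is not a reliable fix: with the JDK's Xerces the parser still fetches external entities and only leaves the reference node unexpanded in the DOM, so a DOCTYPE that sends data out of band (for example a parameter entity that builds a URL) can still fire. The disallow-doctype-decl feature is the check to look for when auditing a factory.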
Products affected by CVE-2014-3530
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-3530
- EPSS score: 0.85% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~82% (the proportion of vulnerabilities scored at or below this score)
- EPSS score history: chart not reproduced
CVSS scores for CVE-2014-3530
Base Score | Base Severity | CVSS Vector (v2) | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | 
CWE ids for CVE-2014-3530
- CWE-200: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. (Assigned by nvd@nist.gov, Primary)
References for CVE-2014-3530
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94700 : Red Hat JBoss XML information disclosure CVE-2014-3530 Vulnerability Report (IBM X-Force)
- http://rhn.redhat.com/errata/RHSA-2014-0886.html : RHSA-2014:0886 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2014-0885.html : RHSA-2014:0885 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2014-0883.html : RHSA-2014:0883 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- http://secunia.com/advisories/60047 : Secunia advisory 60047
- http://www.securitytracker.com/id/1030607 : Red Hat JBoss XXE Bug Lets Remote Users Obtain Files on the Target System - SecurityTracker
- http://rhn.redhat.com/errata/RHSA-2015-0720.html : RHSA-2015:0720 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2015-0765.html : RHSA-2015:0765 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2015-0675.html : RHSA-2015:0675 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2015-1888.html : RHSA-2015:1888 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2014-0884.html : RHSA-2014:0884 - Security Advisory - Red Hat Customer Portal (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-0091.html : RHSA-2015:0091 - Security Advisory - Red Hat Customer Portal