Vulnerability Details: CVE-2014-8125
XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.
Vulnerability category: XML external entity (XXE) injection
Products affected by CVE-2014-8125
- cpe:2.3:a:redhat:drools:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jbpm:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8125
- EPSS score: 0.96% (probability of exploitation activity in the next 30 days)
- Percentile: ~75% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2014-8125
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2014-8125
- https://github.com/droolsjbpm/drools/commit/c48464c3b246e6ef0d4cd0dbf67e83ccd532c6d3
  BZ-1169553 - (CVE-2014-8125) EMBARGOED CVE-2014-8125 jBPM: BPMN2 file… · kiegroup/drools@c48464c · GitHub
- https://bugzilla.redhat.com/show_bug.cgi?id=1169553
  1169553 – (CVE-2014-8125) CVE-2014-8125 jBPM: BPMN2 file processing XXE in Process Execution
- http://rhn.redhat.com/errata/RHSA-2015-0851.html
  RHSA-2015:0851 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2015-0850.html
  RHSA-2015:0850 - Security Advisory - Red Hat Customer Portal
- https://github.com/droolsjbpm/jbpm/commit/713e8073ecf45623cfc5c918c5cbf700203f46e5
  BZ-1169553 - (CVE-2014-8125) EMBARGOED CVE-2014-8125 jBPM: BPMN2 file… · kiegroup/jbpm@713e807 · GitHub