1 results (0.002 seconds)
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2014-3682 – jbpm-designer: XXE in BPMN2 import
https://notcve.org/view.php?id=CVE-2014-3682
17 Feb 2015 — XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read arbitrary files and possibly have other unspecified impact by importing a crafted BPMN2 file. Vulnerabilidad de entidad externa XML (XXE) en la función JBPMBpmn2ResourceImpl en designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java en jbpm-designer 6.0.x y 6.2.x permite a atacantes remotos leer ficheros arbitrarios y ... • http://rhn.redhat.com/errata/RHSA-2015-0234.html • CWE-611: Improper Restriction of XML External Entity Reference •