CVE-2017-8316
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack, an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml.
Se ha descubierto que el analizador XML de IntelliJ IDEA es vulnerable a un ataque de XEE (XML External Entity) por el que un atacante podría explotar la vulnerabilidad implementando código malicioso en ambos archivos Androidmanifest.xml.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-04-28 CVE Reserved
- 2018-08-03 CVE Published
- 2023-11-08 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://git.jetbrains.org/?p=idea/adt-tools-base.git%3Ba=commit%3Bh=a778b2b88515513654e002cd51cbe8eb8226e96b | X_refsource_confirm | |
| https://youtrack.jetbrains.com/issue/IDEA-175381 | Broken Link |
| URL | Date | SRC |
|---|---|---|
| https://research.checkpoint.com/parsedroid-targeting-android-development-research-community | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Jetbrains Search vendor "Jetbrains" | Intellij Idea Search vendor "Jetbrains" for product "Intellij Idea" | < 2017.2.2 Search vendor "Jetbrains" for product "Intellij Idea" and version " < 2017.2.2" | - |
Affected
| ||||||