ID CVE-2019-12154
Summary XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions.
References
Vulnerable Configurations
  • cpe:2.3:a:realobjects:pdfreactor:10.0.10702:*:*:*:*:*:*:*
    cpe:2.3:a:realobjects:pdfreactor:10.0.10702:*:*:*:*:*:*:*
  • cpe:2.3:a:realobjects:pdfreactor:10.0.10722:*:*:*:*:*:*:*
    cpe:2.3:a:realobjects:pdfreactor:10.0.10722:*:*:*:*:*:*:*
  • cpe:2.3:a:realobjects:pdfreactor:10.0.10722.1:*:*:*:*:*:*:*
    cpe:2.3:a:realobjects:pdfreactor:10.0.10722.1:*:*:*:*:*:*:*
  • cpe:2.3:a:realobjects:pdfreactor:10.0.10722.2:*:*:*:*:*:*:*
    cpe:2.3:a:realobjects:pdfreactor:10.0.10722.2:*:*:*:*:*:*:*
  • cpe:2.3:a:realobjects:pdfreactor:10.0.10722.3:*:*:*:*:*:*:*
    cpe:2.3:a:realobjects:pdfreactor:10.0.10722.3:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 13-06-2019 - 13:45)
Impact:
Exploitability:
CWE CWE-611
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:P
Last major update 13-06-2019 - 13:45
Published 11-06-2019 - 21:29
Back to Top