ID CVE-2020-6958
Summary An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service.
References
Vulnerable Configurations
  • cpe:2.3:a:yet_another_java_service_wrapper_project:yet_another_java_service_wrapper:12.14:*:*:*:*:*:*:*
    cpe:2.3:a:yet_another_java_service_wrapper_project:yet_another_java_service_wrapper:12.14:*:*:*:*:*:*:*
CVSS
Base: 6.4
Impact:
Exploitability:
CWE CWE-611
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE PARTIAL
Last major update 14-01-2020 - 00:15
Published 14-01-2020 - 00:15
Last modified 21-01-2020 - 16:08
Back to Top