ID CVE-2014-8125
Summary XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file. <a href="http://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:drools:6.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:drools:6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.0.0:alpha7:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.0.0:alpha7:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.0.0:alpha9:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.0.0:alpha9:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.0.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.0.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.0.0:beta3:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.0.0:beta4:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.0.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.0.0:beta5:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.0.0:beta5:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.0.0:cr1:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.0.0:cr1:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.0.0:cr2:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.0.0:cr2:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.0.0:cr3:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.0.0:cr3:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.0.0:cr4:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.0.0:cr4:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.0.0:cr5:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.0.0:cr5:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.1.0:-:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.1.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.1.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.1.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.1.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.1.0:beta3:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.1.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.1.0:beta4:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.1.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.1.0:cr1:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.1.0:cr1:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jbpm:6.1.0:cr2:*:*:*:*:*:*
    cpe:2.3:a:redhat:jbpm:6.1.0:cr2:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 26-05-2015 - 17:56)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2015:0850
  • rhsa
    id RHSA-2015:0851
refmap via4
confirm
Last major update 26-05-2015 - 17:56
Published 21-04-2015 - 17:59
Last modified 26-05-2015 - 17:56
Back to Top