CVE-2014-2228

Published: Feb 19, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.

Affected (10)

Products: Talend: Restlet

1 product

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Talend Restlet	Up to 2.1.7
Talend Restlet	Version 2.2 m1
Talend Restlet	Version 2.2 m2
Talend Restlet	Version 2.2 m3
Talend Restlet	Version 2.2 m4
Talend Restlet	Version 2.2 m5
Talend Restlet	Version 2.2 m6
Talend Restlet	Version 2.2 rc1
Talend Restlet	Version 2.2 rc2
Talend Restlet	Version 2.2 snapshot

Related CWEs

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

References (2)

https://web.archive.org/web/20140425095352/http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Remote-code-execution-and-XML-Entity-Expansion-injection/ba-p/6403370

Source: cve@mitre.org

ExploitThird Party Advisory

https://web.archive.org/web/20140425095352/http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Remote-code-execution-and-XML-Entity-Expansion-injection/ba-p/6403370

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.