CVE-2015-1818

Published: Aug 11, 2015Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and have other unspecified impact via a crafted XML document.

Affected (1)

Products: Redhat: Jboss Bpm Suite

1 product

Jboss Bpm Suite

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Jboss Bpm Suite	Up to 6.1.0

References (4)

http://rhn.redhat.com/errata/RHSA-2015-1539.html

Source: secalert@redhat.com

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2015-1704.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-1539.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2015-1704.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.