← Back

CVE-2019-0228

nvd nist
Published: Apr 17, 2019Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

Affected (32)

Apache
2 products
Pdfbox
James
Fedoraproject
1 product
Fedora
Oracle
11 products
Banking Corporate Lending Process Management
Banking Credit Facilities Process Management
Banking Supply Chain Finance
Banking Trade Finance Process Management
Banking Virtual Account Management
Communications Messaging Server
Communications Session Report Manager
Hyperion Financial Reporting
Peoplesoft Enterprise Peopletools
Retail Xstore Point Of Service
Webcenter Sites
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Pdfbox
Version 2.0.14
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Apache
James
Version 3.3.0
James
Version 3.4.0
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 29
Fedora
Version 30
Configuration D
27 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Banking Corporate Lending Process Management
Version 14.2
Banking Corporate Lending Process Management
Version 14.3
Banking Corporate Lending Process Management
Version 14.5
Oracle
Banking Credit Facilities Process Management
Version 14.2
Banking Credit Facilities Process Management
Version 14.3
Banking Credit Facilities Process Management
Version 14.5
Oracle
Banking Supply Chain Finance
Version 14.2
Banking Supply Chain Finance
Version 14.3
Banking Supply Chain Finance
Version 14.5
Oracle
Banking Trade Finance Process Management
Version 14.2
Banking Trade Finance Process Management
Version 14.3
Banking Trade Finance Process Management
Version 14.5
Oracle
Banking Virtual Account Management
Version 14.2
Banking Virtual Account Management
Version 14.3.0
Banking Virtual Account Management
Version 14.5
Oracle
Communications Messaging Server
Version 8.1
Communications Messaging Server
Version 8.1
Communications Session Report Manager
From 8.0.0.0 to 8.2.4.0
Oracle
Hyperion Financial Reporting
Version 11.1.2.4
Hyperion Financial Reporting
Version 11.2.6.0
Oracle
Peoplesoft Enterprise Peopletools
Version 8.58
Peoplesoft Enterprise Peopletools
Version 8.59
Oracle
Retail Xstore Point Of Service
Version 16.0.6
Retail Xstore Point Of Service
Version 17.0
Retail Xstore Point Of Service
Version 18.0.3
Oracle
Webcenter Sites
Version 12.2.1.3.0
Webcenter Sites
Version 12.2.1.4.0

Related CWEs

CWE-611
Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (24)

Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Third Party Advisory
Source: security@apache.org
Third Party Advisory
Source: security@apache.org
Third Party Advisory
Source: security@apache.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.