CVE-2019-20191

Published: Mar 16, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Oxygen XML Editor 21.1.1 allows XXE to read any file.

Affected (3)

Products: Sync: Oxygen Xml Author, Oxygen Xml Developer, Oxygen Xml Editor

3 products

Oxygen Xml Author

Oxygen Xml Developer

Oxygen Xml Editor

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Sync Oxygen Xml Author	Up to 21.1
Sync Oxygen Xml Developer	Up to 21.1
Sync Oxygen Xml Editor	Up to 21.1.1

Related CWEs

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (2)

https://medium.com/%40Pablo0xSantiago/cve-2019-20191-oxygen-xml-editor-21-1-1-allows-xxe-216b816f312b

Source: cve@mitre.org

https://medium.com/%40Pablo0xSantiago/cve-2019-20191-oxygen-xml-editor-21-1-1-allows-xxe-216b816f312b

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.