CVE-2014-8125

Published: Apr 21, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.redhat.com/show_bug.cgi?id=1169553

x_refsource_CONFIRM

RHSA-2015:0850

vendor-advisory

x_refsource_REDHAT

https://github.com/droolsjbpm/jbpm/commit/713e8073ecf45623cfc5c918c5cbf700203f46e5

x_refsource_CONFIRM

https://github.com/droolsjbpm/drools/commit/c48464c3b246e6ef0d4cd0dbf67e83ccd532c6d3

x_refsource_CONFIRM

RHSA-2015:0851

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-8125

Description

Affected Products

References