CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-0171

XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.5%

CVSS Severity

CVSS v2 Score 5.0

References

http://rhn.redhat.com/errata/RHSA-2015-0034.html
https://issues.jboss.org/browse/TEIID-2911
http://rhn.redhat.com/errata/RHSA-2015-0034.html
https://issues.jboss.org/browse/TEIID-2911

Products affected by CVE-2014-0171

Odata4j Project » Odata4j » Version: N/A

cpe:2.3:a:odata4j_project:odata4j:-
Redhat » Jboss Data Virtualization » Version: 5.0.0

cpe:2.3:a:redhat:jboss_data_virtualization:5.0.0
Redhat » Jboss Data Virtualization » Version: 6.0.0

cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-0171

Products

Pricing

Contact Us