CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-1818

XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and have other unspecified impact via a crafted XML document.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 75.1%

CVSS Severity

CVSS v2 Score 7.5

References

http://rhn.redhat.com/errata/RHSA-2015-1539.html
http://rhn.redhat.com/errata/RHSA-2015-1704.html
http://rhn.redhat.com/errata/RHSA-2015-1539.html
http://rhn.redhat.com/errata/RHSA-2015-1704.html

Products affected by CVE-2015-1818

Redhat » Jboss Bpm Suite » Version: 6.0.0

cpe:2.3:a:redhat:jboss_bpm_suite:6.0.0
Redhat » Jboss Bpm Suite » Version: 6.0.1

cpe:2.3:a:redhat:jboss_bpm_suite:6.0.1
Redhat » Jboss Bpm Suite » Version: 6.0.3

cpe:2.3:a:redhat:jboss_bpm_suite:6.0.3
Redhat » Jboss Bpm Suite » Version: 6.1

cpe:2.3:a:redhat:jboss_bpm_suite:6.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-1818

Products

Pricing

Contact Us