Vulnerability Details CVE-2019-12153
Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.2%
CVSS Severity
CVSS v3 Score 10.0
CVSS v2 Score 6.4
References
- https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html
- https://www.pdfreactor.com/important-pdfreactor-security-advisory/
- https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/
- https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html
- https://www.pdfreactor.com/important-pdfreactor-security-advisory/
- https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/
Products affected by CVE-2019-12153
-
cpe:2.3:a:realobjects:pdfreactor:10.0.10702
-
cpe:2.3:a:realobjects:pdfreactor:10.0.10722
-
cpe:2.3:a:realobjects:pdfreactor:10.0.10722.1
-
cpe:2.3:a:realobjects:pdfreactor:10.0.10722.2
-
cpe:2.3:a:realobjects:pdfreactor:10.0.10722.3