Vulnerability Details CVE-2019-12154
XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 82.1%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
- https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html
- https://www.pdfreactor.com/important-pdfreactor-security-advisory/
- https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/
- https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html
- https://www.pdfreactor.com/important-pdfreactor-security-advisory/
- https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/
Products affected by CVE-2019-12154
-
cpe:2.3:a:realobjects:pdfreactor:10.0.10702
-
cpe:2.3:a:realobjects:pdfreactor:10.0.10722
-
cpe:2.3:a:realobjects:pdfreactor:10.0.10722.1
-
cpe:2.3:a:realobjects:pdfreactor:10.0.10722.2
-
cpe:2.3:a:realobjects:pdfreactor:10.0.10722.3