CVE-2015-1818

EUVD-2015-1940
XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and have other unspecified impact via a crafted XML document.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
redhatjboss_bpm_suite
𝑥
≤ 6.1.0
𝑥
= Vulnerable software versions
References
http://rhn.redhat.com/errata/RHSA-2015-1539.html
http://rhn.redhat.com/errata/RHSA-2015-1704.html
http://rhn.redhat.com/errata/RHSA-2015-1539.html
http://rhn.redhat.com/errata/RHSA-2015-1704.html