CVE-2015-1818

XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and have other unspecified impact via a crafted XML document.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
redhatjboss_bpm_suite
𝑥
≤ 6.1.0
𝑥
= Vulnerable software versions
References
http://rhn.redhat.com/errata/RHSA-2015-1539.html
http://rhn.redhat.com/errata/RHSA-2015-1704.html
http://rhn.redhat.com/errata/RHSA-2015-1539.html
http://rhn.redhat.com/errata/RHSA-2015-1704.html