CVE-2019-0228 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
apache	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 91%

Vendor	Product	Version
apache	pdfbox	2.0.14
apache	james	3.3.0
apache	james	3.4.0
oracle	banking_corporate_lending_process_management	14.2
oracle	banking_corporate_lending_process_management	14.3
oracle	banking_corporate_lending_process_management	14.5
oracle	banking_credit_facilities_process_management	14.2
oracle	banking_credit_facilities_process_management	14.3
oracle	banking_credit_facilities_process_management	14.5
oracle	banking_supply_chain_finance	14.2
oracle	banking_supply_chain_finance	14.3
oracle	banking_supply_chain_finance	14.5
oracle	banking_trade_finance_process_management	14.2
oracle	banking_trade_finance_process_management	14.3
oracle	banking_trade_finance_process_management	14.5
oracle	banking_virtual_account_management	14.2
oracle	banking_virtual_account_management	14.3.0
oracle	banking_virtual_account_management	14.5
oracle	communications_messaging_server	8.1
oracle	communications_session_report_manager	8.0.0.0 ≤ 𝑥 ≤ 8.2.4.0
oracle	hyperion_financial_reporting	11.1.2.4
oracle	hyperion_financial_reporting	11.2.6.0
oracle	peoplesoft_enterprise_peopletools	8.58
oracle	peoplesoft_enterprise_peopletools	8.59
oracle	retail_xstore_point_of_service	16.0.6
oracle	retail_xstore_point_of_service	17.0
oracle	retail_xstore_point_of_service	18.0.3
oracle	webcenter_sites	12.2.1.3.0
oracle	webcenter_sites	12.2.1.4.0
oracle	communications_messaging_server	8.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libpdfbox-java

bookworm	1:1.8.16-2 fixed
bullseye	1:1.8.16-2 fixed
sid	1:1.8.16-5 fixed
trixie	1:1.8.16-5 fixed

libpdfbox2-java

bullseye	2.0.23-1 fixed
bookworm	2.0.27-2 fixed
sid	2.0.29-1 fixed
trixie	2.0.29-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libpdfbox-java

cosmic	not-affected
bionic	not-affected
xenial	not-affected
trusty	dne

libpdfbox2-java

cosmic	not-affected
bionic	not-affected
xenial	dne
trusty	dne

Common Weakness Enumeration

CWE-611 - Improper Restriction of XML External Entity Reference
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References

https://lists.apache.org/thread.html/1a3756557f8cb02790b7183ccf7665ae23f608a421c4f723113bca79%40%3Cusers.pdfbox.apache.org%3E

https://lists.apache.org/thread.html/8a19bd6d43e359913341043c2a114f91f9e4ae170059539ad1f5673c%40%3Ccommits.tika.apache.org%3E

https://lists.apache.org/thread.html/bc8db1bf459f1ad909da47350ed554ee745abe9f25f2b50cad4e06dd%40%3Cserver-dev.james.apache.org%3E

https://lists.apache.org/thread.html/be86fcd7cd423a3fe6b73a3cb9d7cac0b619d0deb99e6b5d172c98f4%40%3Ccommits.tika.apache.org%3E

https://lists.apache.org/thread.html/r0a2141abeddae66dd57025f1681c8425834062b7c0c7e0b1d830a95d%40%3Cusers.pdfbox.apache.org%3E

https://lists.apache.org/thread.html/r32b8102392a174b17fd19509a9e76047f74852b77b7bf46af95e45a2%40%3Cserver-dev.james.apache.org%3E

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HKVPTJWZGUB4MH4AAOWMRJHRDBYFHGJ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPOGHJ5CVMUVCRQU7APBAN5IVZGZFDX/

https://www.oracle.com//security-alerts/cpujul2021.html

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/security-alerts/cpuoct2021.html

https://lists.apache.org/thread.html/1a3756557f8cb02790b7183ccf7665ae23f608a421c4f723113bca79%40%3Cusers.pdfbox.apache.org%3E

https://lists.apache.org/thread.html/8a19bd6d43e359913341043c2a114f91f9e4ae170059539ad1f5673c%40%3Ccommits.tika.apache.org%3E

https://lists.apache.org/thread.html/bc8db1bf459f1ad909da47350ed554ee745abe9f25f2b50cad4e06dd%40%3Cserver-dev.james.apache.org%3E

https://lists.apache.org/thread.html/be86fcd7cd423a3fe6b73a3cb9d7cac0b619d0deb99e6b5d172c98f4%40%3Ccommits.tika.apache.org%3E

https://lists.apache.org/thread.html/r0a2141abeddae66dd57025f1681c8425834062b7c0c7e0b1d830a95d%40%3Cusers.pdfbox.apache.org%3E

https://lists.apache.org/thread.html/r32b8102392a174b17fd19509a9e76047f74852b77b7bf46af95e45a2%40%3Cserver-dev.james.apache.org%3E

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HKVPTJWZGUB4MH4AAOWMRJHRDBYFHGJ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPOGHJ5CVMUVCRQU7APBAN5IVZGZFDX/

https://www.oracle.com//security-alerts/cpujul2021.html

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/security-alerts/cpuoct2021.html