CVE-2017-15691 — MEDIUM (6.5)

Q: How severe is CVE-2017-15691?

CVE-2017-15691 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-15691?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Uimaj, Apache Uima-As, Apache Uimafit, Apache Uimaducc.

Vulnerability Description

In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Uimaj	< 2.10.2
Apache	Uima-As	< 2.10.2
Apache	Uimafit	< 2.4.0
Apache	Uimaducc	< 2.2.2

Related Weaknesses (CWE)

CWE-611

References

FAQ

What is CVE-2017-15691?

CVE-2017-15691 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates t...

How severe is CVE-2017-15691?

CVE-2017-15691 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-15691?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Uimaj, Apache Uima-As, Apache Uimafit, Apache Uimaducc.