Vulnerability Description
It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML eXternal Entity (XXE) attacks.
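The flaw class here is XML eXternal Entity (XXE) processing: a JAXP parser left at its defaults resolves DOCTYPE declarations and the entities they define. The following is an added example, not code from jBPM or from the fixed XmlUtils class; it shows a hypothetical hardened DocumentBuilderFactory that refuses any DOCTYPE and disables external general and parameter entity resolution, and contrasts it with the JDK default factory on a constructed sample document (the feature URIs are the standard Xerces/SAX ones shipped with the JDK; the class and method names are assumptions for this example).

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

public class HardenedXmlParsing {

    // Hypothetical hardened factory (example code, not the jBPM fix).
    public static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Primary control: refuse any DOCTYPE, so no internal subset, no external DTD
        // and no entity declarations (general or parameter) are ever processed.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth, for deployments that must accept a DOCTYPE:
        // never fetch external general or parameter entities or an external DTD.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Parse an in-memory document with the given factory.
    public static Document parse(DocumentBuilderFactory f, String xml) throws Exception {
        DocumentBuilder b = f.newDocumentBuilder();
        return b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a process definition carrying a DOCTYPE that
        // declares a harmless internal entity. The hardened parser must reject it
        // outright; the default parser expands the entity without complaint.
        String withDoctype =
            "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE process [ <!ENTITY note \"declared in DTD\"> ]>\n"
            + "<process id=\"demo\"><name>&note;</name></process>";
        String plain =
            "<?xml version=\"1.0\"?><process id=\"demo\"><name>demo</name></process>";

        // Weak setting: JDK defaults accept the DOCTYPE and expand entities.
        DocumentBuilderFactory defaults = DocumentBuilderFactory.newInstance();
        String expanded = parse(defaults, withDoctype)
            .getElementsByTagName("name").item(0).getTextContent();
        System.out.println("default parser, DOCTYPE input -> name = " + expanded);

        // Corrected setting: ordinary documents still parse, DOCTYPE is refused.
        DocumentBuilderFactory hardened = hardenedFactory();
        String id = parse(hardened, plain).getDocumentElement().getAttribute("id");
        System.out.println("hardened parser, plain input -> id = " + id);
        try {
            parse(hardened, withDoctype);
            System.out.println("hardened parser accepted DOCTYPE (unexpected)");
        } catch (SAXParseException e) {
            System.out.println("hardened parser rejected DOCTYPE: " + e.getMessage());
        }
    }
}
```

Two caveats worth knowing when applying this to a real code base: `setExpandEntityReferences(false)` only changes how the DOM is built and does not by itself stop the parser from fetching external entities, so it is never sufficient on its own; and the feature URIs above apply to DOM and SAX parsers, whereas a StAX `XMLInputFactory` is hardened with its own properties (`XMLInputFactory.SUPPORT_DTD` and `XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES` set to false).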
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Decision Manager | 7.0 |
| Red Hat | JBoss BPM Suite | 6.4 |
| Red Hat | jBPM | 6.5 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102179 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2017:3354 (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2017:3355 (Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7545 (Issue Tracking, Patch, Vendor Advisory)
- https://github.com/kiegroup/jbpm-designer/commit/a143f3b92a6a5a527d929d68c02a0c5 (Patch, Third Party Advisory)
FAQ
What is CVE-2017-7545?
CVE-2017-7545 is a vulnerability with a CVSS score of 6.5 (MEDIUM). It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML eXternal Entity (XXE) attacks.
How severe is CVE-2017-7545?
CVE-2017-7545 has been rated MEDIUM with a CVSS base score of 6.5/10. See the CVSS Score section above for the severity rating.
Is there a patch for CVE-2017-7545?
Check the References section above for vendor advisories and patch information. Affected products include: Red Hat Decision Manager, Red Hat JBoss BPM Suite, Red Hat jBPM.