Vulnerabilities > CVE-2014-0171 - XML External Entity Injection vulnerability in odata4j

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
redhat
odata4j-project

Summary

XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint. CWE-611: Improper Restriction of XML External Entity Reference ('XXE')

Vulnerable Configurations

Part Description Count
Application
Redhat
3
Application
Odata4J_Project
1

Redhat

advisories
rhsa
idRHSA-2015:0034