Vulnerabilities > CVE-2015-1818 - Unspecified vulnerability in Redhat Jboss BPM Suite

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

redhat

NVD

Published: 2015-08-11

Updated: 2024-11-21

Summary

XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and have other unspecified impact via a crafted XML document.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Jboss BPM Suite 6.0.0 Redhat Jboss BPM Suite 6.0.1 Redhat Jboss BPM Suite 6.0.3 Redhat Jboss BPM Suite 6.1	4

Redhat

advisories

rhsa
id RHSA-2015:1539
rhsa
id RHSA-2015:1704

References

http://rhn.redhat.com/errata/RHSA-2015-1539.html
http://rhn.redhat.com/errata/RHSA-2015-1539.html
http://rhn.redhat.com/errata/RHSA-2015-1704.html
http://rhn.redhat.com/errata/RHSA-2015-1704.html