Vulnerabilities > CVE-2020-13692 - XXE vulnerability in multiple products

CVSS 7.7 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

HIGH

network

high complexity

NVD

Published: 2020-06-04

Updated: 2023-11-07

Summary

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

Vulnerable Configurations

Part	Description	Count
Application	Postgresql Postgresql Postgresql Jdbc Driver - Postgresql Postgresql Jdbc Driver 8.1 Postgresql Postgresql Jdbc Driver 9.0-801 Postgresql Postgresql Jdbc Driver 9.1-901 Postgresql Postgresql Jdbc Driver 9.1-902 Postgresql Postgresql Jdbc Driver 9.2-1000 Postgresql Postgresql Jdbc Driver 9.2-1001 Postgresql Postgresql Jdbc Driver 9.2-1002 Postgresql Postgresql Jdbc Driver 9.2-1003 Postgresql Postgresql Jdbc Driver 9.2-1004 Postgresql Postgresql Jdbc Driver 9.3-1100 Postgresql Postgresql Jdbc Driver 9.3-1101 Postgresql Postgresql Jdbc Driver 9.3-1102 Postgresql Postgresql Jdbc Driver 9.3-1103 Postgresql Postgresql Jdbc Driver 9.4-1200 Postgresql Postgresql Jdbc Driver 9.4-1201 Postgresql Postgresql Jdbc Driver 9.4-1202 Postgresql Postgresql Jdbc Driver 9.4-1203 Postgresql Postgresql Jdbc Driver 9.4-1204 Postgresql Postgresql Jdbc Driver 9.4-1205 Postgresql Postgresql Jdbc Driver 9.4-1206 Postgresql Postgresql Jdbc Driver 9.4.1207 Postgresql Postgresql Jdbc Driver 9.4.1208 Postgresql Postgresql Jdbc Driver 9.4.1209 Postgresql Postgresql Jdbc Driver 9.4.1210 Postgresql Postgresql Jdbc Driver 9.4.1211 Postgresql Postgresql Jdbc Driver 9.4.1212 Postgresql Postgresql Jdbc Driver 42.0.0 Postgresql Postgresql Jdbc Driver 42.1.0 Postgresql Postgresql Jdbc Driver 42.1.1 Postgresql Postgresql Jdbc Driver 42.1.2 Postgresql Postgresql Jdbc Driver 42.1.3 Postgresql Postgresql Jdbc Driver 42.1.4 Postgresql Postgresql Jdbc Driver 42.2.0 Postgresql Postgresql Jdbc Driver 42.2.1 Postgresql Postgresql Jdbc Driver 42.2.2 Postgresql Postgresql Jdbc Driver 42.2.3 Postgresql Postgresql Jdbc Driver 42.2.4 Postgresql Postgresql Jdbc Driver 42.2.5 Postgresql Postgresql Jdbc Driver 42.2.6 Postgresql Postgresql Jdbc Driver 42.2.7 Postgresql Postgresql Jdbc Driver 42.2.8 Postgresql Postgresql Jdbc Driver 42.2.9 Postgresql Postgresql Jdbc Driver 42.2.10 Postgresql Postgresql Jdbc Driver 42.2.11 Postgresql Postgresql Jdbc Driver 42.2.12	46
Application	Quarkus Quarkus Quarkus 0.0.1 Quarkus Quarkus 0.1.0 Quarkus Quarkus 0.2.0 Quarkus Quarkus 0.3.0 Quarkus Quarkus 0.4.0 Quarkus Quarkus 0.5.0 Quarkus Quarkus 0.6.0 Quarkus Quarkus 0.7.0 Quarkus Quarkus 0.8.0 Quarkus Quarkus 0.9.0 Quarkus Quarkus 0.9.1 Quarkus Quarkus 0.10.0 Quarkus Quarkus 0.11.0 Quarkus Quarkus 0.12.0 Quarkus Quarkus 0.13.0 Quarkus Quarkus 0.13.1 Quarkus Quarkus 0.13.2 Quarkus Quarkus 0.13.3 Quarkus Quarkus 0.14.0 Quarkus Quarkus 0.15.0 Quarkus Quarkus 0.16.0 Quarkus Quarkus 0.16.1 Quarkus Quarkus 0.17.0 Quarkus Quarkus 0.18.0 Quarkus Quarkus 0.19.0 Quarkus Quarkus 0.19.1 Quarkus Quarkus 0.20.0 Quarkus Quarkus 0.21.0 Quarkus Quarkus 0.21.1 Quarkus Quarkus 0.21.2 Quarkus Quarkus 0.22.0 Quarkus Quarkus 0.23.0 Quarkus Quarkus 0.23.1 Quarkus Quarkus 0.23.2 Quarkus Quarkus 0.24.0 Quarkus Quarkus 0.25.0 Quarkus Quarkus 0.26.0 Quarkus Quarkus 0.26.1 Quarkus Quarkus 0.27.0 Quarkus Quarkus 0.28.0 Quarkus Quarkus 0.28.1 Quarkus Quarkus 1.0.0 Quarkus Quarkus 1.0.1 Quarkus Quarkus 1.1.0 Quarkus Quarkus 1.1.1 Quarkus Quarkus 1.2.0 Quarkus Quarkus 1.2.1 Quarkus Quarkus 1.3.0 Quarkus Quarkus 1.3.1 Quarkus Quarkus 1.3.2 Quarkus Quarkus 1.3.3 Quarkus Quarkus 1.3.4 Quarkus Quarkus 1.4.0 Quarkus Quarkus 1.4.1 Quarkus Quarkus 1.4.2 Quarkus Quarkus 1.5.0 Quarkus Quarkus 1.5.1 Quarkus Quarkus 1.5.2	76
Application	Netapp Netapp Steelstore Cloud Integrated Storage -	1
OS	Fedoraproject Fedoraproject Fedora 32	1
OS	Debian Debian Debian Linux 10.0 Debian Debian Linux 11.0	2

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.