Vulnerabilities > CVE-2020-25649 - XXE vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE

Summary

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

Vulnerable Configurations

Part Description Count
Application
Fasterxml
52
Application
Netapp
3
Application
Quarkus
80
Application
Apache
14
Application
Oracle
102
OS
Fedoraproject
1
OS
Oracle
2

References