CVE-2020-6958 - XXE vulnerability in YET Another Java Service Wrapper Project YET Another Java Service Wrapper 12.14
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: NONE
- Availability impact: HIGH
Summary
An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://github.com/NationalSecurityAgency/ghidra/issues/943
- https://github.com/purpleracc00n/Exploits-and-PoC/blob/master/XXE%20in%20YAJSW%E2%80%99s%20JnlpSupport%20affects%20Ghidra%20Server.md
- https://sourceforge.net/p/yajsw/bugs/166/