XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote malicious users to read arbitrary files and possibly have other unspecified impact by importing a crafted BPMN2 file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat jbpm-designer 6.0.0 |
||
redhat jbpm-designer 6.2.0 |
||
redhat jbpm-designer 6.0.1 |