It was found that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML eXternal Entity (XXE) attacks.
Vulnerable Product |
---|
redhat jbpm 6.5 |
redhat decision manager 7.0 |
redhat jboss bpm suite 6.4 |