Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent malicious users to conduct XML External Entity (XXE) attacks via a crafted XFDF.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache pdfbox 2.0.14 |
||
apache james 3.4.0 |
||
apache james 3.3.0 |
||
fedoraproject fedora 29 |
||
fedoraproject fedora 30 |
||
oracle hyperion financial reporting 11.1.2.4 |
||
oracle webcenter sites 12.2.1.3.0 |
||
oracle peoplesoft enterprise peopletools 8.58 |
||
oracle webcenter sites 12.2.1.4.0 |
||
oracle retail xstore point of service 17.0 |
||
oracle banking virtual account management 14.3.0 |
||
oracle communications messaging server 8.1 |
||
oracle peoplesoft enterprise peopletools 8.59 |
||
oracle retail xstore point of service 16.0.6 |
||
oracle retail xstore point of service 18.0.3 |
||
oracle hyperion financial reporting 11.2.6.0 |
||
oracle banking trade finance process management 14.2 |
||
oracle banking trade finance process management 14.3 |
||
oracle banking trade finance process management 14.5 |
||
oracle banking credit facilities process management 14.2 |
||
oracle banking credit facilities process management 14.3 |
||
oracle banking credit facilities process management 14.5 |
||
oracle banking corporate lending process management 14.2 |
||
oracle banking corporate lending process management 14.3 |
||
oracle banking corporate lending process management 14.5 |
||
oracle banking supply chain finance 14.2 |
||
oracle banking supply chain finance 14.3 |
||
oracle banking supply chain finance 14.5 |
||
oracle banking virtual account management 14.2 |
||
oracle banking virtual account management 14.5 |
||
oracle communications session report manager |