CVE-2023-6194
Severity: LOW
CVSS Base Score: 2.8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none
Description
In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities.
This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report, then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and the characteristics of the vulnerability.
EPSS Score: 0.0004
Percentile: 0.1th
EPSS Score Trend (Last 90 Days)
CWE-611: Improper Restriction of XML External Entity Reference
Status: Draft
Common Consequences
Security Scopes Affected:
Confidentiality
Integrity
Availability
Potential Impacts:
Read Application Data
Read Files Or Directories
Bypass Protection Mechanism
DoS: Resource Consumption (CPU)
DoS: Resource Consumption (Memory)
Applicable Platforms
Languages:
Not Language-Specific, XML
Technologies:
Not Technology-Specific, Web Based
Application
Memory Analyzer by Eclipse
Version Range Affected
From: 0.7 (inclusive)
To: 1.14.0 (inclusive)
CPE Identifier
cpe:2.3:a:eclipse:memory_analyzer:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://bugs.eclipse.org/bugs/show_bug.cgi?id=582631
https://gitlab.eclipse.org/security/cve-assignement/-/issues/15
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/169