CVE-2014-3530 Information

Feb 14, 2021 cve

Description

The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4 expands entity references which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors related to an XML External Entity (XXE) issue.

Reference

http://rhn.redhat.com/errata/RHSA-2014-0883.html http://rhn.redhat.com/errata/RHSA-2014-0884.html http://rhn.redhat.com/errata/RHSA-2014-0885.html http://rhn.redhat.com/errata/RHSA-2014-0886.html http://rhn.redhat.com/errata/RHSA-2015-0091.html http://rhn.redhat.com/errata/RHSA-2015-0675.html http://rhn.redhat.com/errata/RHSA-2015-0720.html http://rhn.redhat.com/errata/RHSA-2015-0765.html http://rhn.redhat.com/errata/RHSA-2015-1888.html http://secunia.com/advisories/60047 http://secunia.com/advisories/60124 http://www.securitytracker.com/id/1030607 https://exchange.xforce.ibmcloud.com/vulnerabilities/94700

Share on: