CVE-2017-15691 Information

Description

In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, and Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA, as part of its configuration and operation, may read XML from various sources, which could be tainted in ways that cause inadvertent disclosure of local files or other internal content.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://access.redhat.com/errata/RHSA-2019:1545
https://lists.apache.org/thread.html/00407c65738e625a8cc9d732923a4ab2d8299603cc7c7e5cc2da9c79@3Ccommits.uima.apache.org3E
https://uima.apache.org/security_reportCVE-2017-15691

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

6.5

Base Severity

MEDIUM
