CVE-2017-8316 Information

Description

IntelliJ IDEA XML parser was found vulnerable to XML External Entity attack an attacker can exploit the vulnerability by implementing malicious code on both Androidmanifest.xml.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://git.jetbrains.org/?p=idea/adt-tools-base.git;a=commit;h=a778b2b88515513654e002cd51cbe8eb8226e96b https://research.checkpoint.com/parsedroid-targeting-android-development-research-community/ https://youtrack.jetbrains.com/issue/IDEA-175381

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5