CVE-2019-12153 Information

Description

Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Reference

https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html
https://www.pdfreactor.com/important-pdfreactor-security-advisory/
https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

10.0

Base Severity

CRITICAL
