CVE-2019-9628 Information

Description

All versions of the XMLTooling library prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contain an XML parsing class. Invalid data in the XML declaration causes an exception of a type that the parser class did not handle properly, so an unexpected exception type propagates.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00079.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00095.html
https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1819912
https://security.netapp.com/advisory/ntap-20190611-0003/
https://shibboleth.net/community/advisories/secadv_20190311.txt
https://usn.ubuntu.com/3921-1/
https://wiki.shibboleth.net/confluence/display/SP3/SecurityAdvisories

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

7.5

Base Severity

HIGH
