Petr Široký

1 exploit Active since Jul 2018
CVE-2017-7545 WRITEUP MEDIUM WRITEUP
jbpmmigration 6.5 - Info Disclosure
It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML eXternal Entity (XXE) attacks.
CVSS 6.5