CVE-2019-10244
HIGH
Eclipse Kura < 4.0.0 - XML External Entity Injection via Improper Parser Initialization
Title source: llm
Description
In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be the target of an XXE attack due to improper factory and parser initialisation.
References (2)
Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugs.eclipse.org/bugs/show_bug.cgi?id=545835
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107844
Scores
CVSS v3: 7.5
EPSS: 0.0022
EPSS Percentile: 44.4%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-611
Status: published
Products (1): eclipse/kura < 4.0.0
Published: Apr 09, 2019
Tracked Since: Feb 18, 2026