CVE-2014-3004
Description
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
1.403
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2014-3004 are fixed in Codehaus-castor 1.3.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0.0.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 18.0.0.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 19.0.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.3.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0.10 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Vulnerabilities CVE-2014-3004 are affected in Castor - castor 1.0 | Windows |
| Vulnerabilities CVE-2014-3004 are fixed in Codehaus-castor for Linux 1.3.3 | Linux |
| Vulnerabilities CVE-2014-3004 are affected in Castor - castor for Linux 1.0 | Linux |
| Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3004) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234