CVE-2018-1000632
Description
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
1.611
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-10683,CVE-2018-1000632 are fixed in dom4j.org-dom4j 2.0.3 | Windows |
| Vulnerabilities CVE-2018-1000632 are fixed in dom4j.org-dom4j 2.1.1 | Windows |
| Multiple Vulnerabilities are affected in Netapp Snapcenter - | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation - | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.0.0 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.4.0 | Windows |
| Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 7.1.0 | Windows |
| Vulnerabilities CVE-2018-1000632,CVE-2020-10683,CVE-2020-14653 are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 16.2.20.1 | Windows |
| Vulnerabilities CVE-2018-1000632,CVE-2020-10683,CVE-2020-14653,CVE-2020-14706 are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 17.12.17.1 | Windows |
| Vulnerabilities CVE-2018-1000632,CVE-2020-10683,CVE-2020-14706 are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 18.8.19.0 | Windows |
| Vulnerabilities CVE-2018-1000632,CVE-2020-10683 are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 19.12.6.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2.6.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2 | Windows |
| Vulnerabilities CVE-2020-10683,CVE-2018-1000632 are affected in Dom4j - dom4j 1.6.1 | Windows |
| Flexible XML framework for Java (USN-4619-1) libdom4j-java_1.6.1+dfsg.3-2ubuntu1.2_all.deb | Linux |
| Vulnerabilities CVE-2020-10683,CVE-2018-1000632 are fixed in dom4j.org-dom4j for Linux 2.0.3 | Linux |
| Vulnerabilities CVE-2018-1000632 are fixed in dom4j.org-dom4j for Linux 2.1.1 | Linux |
| Vulnerabilities CVE-2020-10683,CVE-2018-1000632 are affected in Dom4j - dom4j for Linux 1.6.1 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234