CVE-2019-9628

Description

All versions of the XMLTooling library prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contain an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class, which then propagates an unexpected exception type.

Risk Information

Base Score: 7.5 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 0.829

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2019-9628 are fixed in OpenSAML-xmltooling 3.0.4 | Windows
C++ XML parsing library with encryption support (USN-3921-1) libxmltooling6_1.5.3-2+deb8u3ubuntu0.1_i386.deb | Linux
C++ XML parsing library with encryption support (USN-3921-1) libxmltooling6_1.5.3-2+deb8u3ubuntu0.1_amd64.deb | Linux
C++ XML parsing library with encryption support (USN-3921-1) libxmltooling7_1.6.4-1ubuntu2.1_i386.deb | Linux
C++ XML parsing library with encryption support (USN-3921-1) libxmltooling7_1.6.4-1ubuntu2.1_amd64.deb | Linux
C++ XML parsing library with encryption support (USN-3921-1) libxmltooling8_3.0.2-1ubuntu1.1_i386.deb | Linux
C++ XML parsing library with encryption support (USN-3921-1) libxmltooling8_3.0.2-1ubuntu1.1_amd64.deb | Linux
C++ XML parsing library with encryption support (USN-3921-1) libxmltooling6v5_1.5.6-2ubuntu0.3_i386.deb | Linux
C++ XML parsing library with encryption support (USN-3921-1) libxmltooling6v5_1.5.6-2ubuntu0.3_amd64.deb | Linux
SUSE-SU-2019:0928-1 (SUSE Linux Enterprise Server 12-SP3) libxmltooling6-1.5.6-3.9.1.x86_64.rpm | Linux
SUSE-SU-2019:0928-1 (SUSE Linux Enterprise Server 12-SP3) libxmltooling6-debuginfo-1.5.6-3.9.1.x86_64.rpm | Linux
SUSE-SU-2019:0928-1 (SUSE Linux Enterprise Server 12-SP3) xmltooling-debugsource-1.5.6-3.9.1.x86_64.rpm | Linux
SUSE-SU-2019:0928-1 (SUSE Linux Enterprise Server 12-SP3) xmltooling-schemas-1.5.6-3.9.1.x86_64.rpm | Linux
Vulnerabilities CVE-2019-9628 are fixed in OpenSAML-xmltooling for Linux 3.0.4 | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234