CVE-2020-10683
Description
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
7.684
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-10683,CVE-2018-1000632 are fixed in dom4j.org-dom4j 2.0.3 | Windows |
| Vulnerabilities CVE-2020-10683 are fixed in dom4j.org-dom4j 2.1.3 | Windows |
| Multiple Vulnerabilities are affected in Netapp Snapcenter - | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Workflow Automation - | Windows |
| Multiple vulnerabilities are affected in Oracle Commerce Platform 11.3.2 | Windows |
| Vulnerabilities CVE-2018-17196,CVE-2020-10683 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.6 | Windows |
| Vulnerabilities CVE-2020-10683 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 16.2.20.1 | Windows |
| Vulnerabilities CVE-2020-10683,CVE-2020-14706 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.17.1 | Windows |
| Vulnerabilities CVE-2020-10683,CVE-2020-14706 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 18.8.19 | Windows |
| Vulnerabilities CVE-2018-1000632,CVE-2020-10683,CVE-2020-14653 are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 16.2.20.1 | Windows |
| Vulnerabilities CVE-2018-1000632,CVE-2020-10683,CVE-2020-14653,CVE-2020-14706 are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 17.12.17.1 | Windows |
| Vulnerabilities CVE-2018-1000632,CVE-2020-10683,CVE-2020-14706 are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 18.8.19.0 | Windows |
| Vulnerabilities CVE-2018-1000632,CVE-2020-10683 are affected in Oracle Corporation Primavera P6 Enterprise Project Portfolio Management 19.12.6.0 | Windows |
| Vulnerabilities CVE-2020-10683,CVE-2020-14653 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 16.2.20.1 | Windows |
| Vulnerabilities CVE-2020-10683,CVE-2020-14653,CVE-2020-14706 are affected in Oracle Primavera P6 Enterprise Project Portfolio Management 17.12.17.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2 | Windows |
| Vulnerabilities CVE-2020-10683,CVE-2018-1000632 are affected in Dom4j - dom4j 1.6.1 | Windows |
| Flexible XML framework for Java (USN-4575-1) libdom4j-java_1.6.1+dfsg.3-2ubuntu1.1_all.deb | Linux |
| Vulnerabilities CVE-2020-10683,CVE-2018-1000632 are fixed in dom4j.org-dom4j for Linux 2.0.3 | Linux |
| Vulnerabilities CVE-2020-10683 are fixed in dom4j.org-dom4j for Linux 2.1.3 | Linux |
| Vulnerabilities CVE-2020-10683,CVE-2018-1000632 are affected in Dom4j - dom4j for Linux 1.6.1 | Linux |
| Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-10683) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234