CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2020-10683

CVSS 9.8v3.1pub. 2020-05-01upd. 2024-11-21

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Canonical Ubuntu

    OS
    Canonical
    16.04
  • Dom4j Project Dom4j

    APP
    Dom4J Project
    2.1.0 – 2.1.3 (bez)< 2.0.3
  • Netapp Oncommand Api Services

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Workflow Automation

    APP
    Netapp
    wszystkie wersje
  • Netapp Snapcenter

    APP
    Netapp
    wszystkie wersje
  • Netapp Snap Creator Framework

    APP
    Netapp
    wszystkie wersje
  • Netapp Snapmanager

    APP
    Netapp
    wszystkie wersje
  • Opensuse Leap

    OS
    Opensuse
    15.1
  • Oracle Agile Plm

    APP
    Oracle
    9.3.39.3.5
  • Oracle Application Testing Suite

    APP
    Oracle
    13.3.0.1
  • Oracle Banking Platform

    APP
    Oracle
    2.4.0 – 2.10.0
  • Oracle Business Process Management Suite

    APP
    Oracle
    12.2.1.3.012.2.1.4.0
  • Oracle Communications Application Session Controller

    APP
    Oracle
    3.9m0p1
  • Oracle Communications Diameter Signaling Router

    APP
    Oracle
    8.0.0 – 8.2.2
  • Oracle Communications Unified Inventory Management

    APP
    Oracle
    7.3.07.4.0
  • Oracle Data Integrator

    APP
    Oracle
    12.2.1.3.012.2.1.4.0
  • Oracle Documaker

    APP
    Oracle
    12.6.0 – 12.6.4
  • Oracle Endeca Information Discovery Integrator

    APP
    Oracle
    3.2.0
  • Oracle Enterprise Data Quality

    APP
    Oracle
    11.1.1.9.012.2.1.3.0
  • Oracle Enterprise Manager Base Platform

    APP
    Oracle
    13.4.0.0
  • Oracle Financial Services Analytical Applications Infrastructure

    APP
    Oracle
    8.0.6 – 8.1.0
  • Oracle Flexcube Core Banking

    APP
    Oracle
    11.10.011.7.011.8.011.9.0
  • Oracle Fusion Middleware

    APP
    Oracle
    12.2.1.4.0
  • Oracle Health Sciences Empirica Signal

    APP
    Oracle
    9.0
  • Oracle Health Sciences Information Manager

    APP
    Oracle
    3.0.1
  • Oracle Insurance Policy Administration J2ee

    APP
    Oracle
    10.2.010.2.411.0.211.1.0 – 11.3.0
  • Oracle Insurance Rules Palette

    APP
    Oracle
    10.2.010.2.411.0.211.1.0 – 11.3.0
  • Oracle Jdeveloper

    APP
    Oracle
    12.2.1.4.0
  • Oracle Primavera P6 Enterprise Project Portfolio Management

    APP
    Oracle
    19.12.0.0 – 19.12.6.016.1.0.0 – 16.2.20.117.1.0.0 – 17.12.17.118.1.0.0 – 18.8.19.0
  • Oracle Rapid Planning

    APP
    Oracle
    12.112.2
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
XXE
CWE
References

Related vulnerabilities

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2022-22963CRITICAL9.8⚠ KEVten sam produkt

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2022-0543CRITICAL10.0⚠ KEVten sam produkt

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debia...

CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...