CVE-2014-125087 MEDIUM

CVE-2014-125087: java-xmlbuilder xml external entity reference

Vendor N/A

Product java-xmlbuilder

Weakness CWE-611 · XXE

Published February 19, 2023

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

5.5/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

Description

A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480.

Key dates

Disclosure timeline

February 19, 2023 CVE published

February 13, 2025 Record updated

Identifiers

CVE CVE-2014-125087

CWE CWE-611

CVSS 5.5 / MEDIUM

Affected versions

Vendor N/A

Product java-xmlbuilder

Affected 1.0

Vendor N/A

Product java-xmlbuilder

Affected 1.1