What the vulnerability does

01Description

In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser initialisation.

Key dates

02Disclosure timeline

April 9, 2019 CVE published
August 4, 2024 Record updated

Related vulnerabilities

04Related CVE