CVE-2014-3530 Vulnerability in maven package org.picketlink:picketlink-common

Description

The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2014-0883.html

http://rhn.redhat.com/errata/RHSA-2014-0884.html

http://rhn.redhat.com/errata/RHSA-2014-0885.html

http://rhn.redhat.com/errata/RHSA-2014-0886.html

http://rhn.redhat.com/errata/RHSA-2015-0091.html

http://rhn.redhat.com/errata/RHSA-2015-0675.html

http://rhn.redhat.com/errata/RHSA-2015-0720.html

http://rhn.redhat.com/errata/RHSA-2015-0765.html

http://rhn.redhat.com/errata/RHSA-2015-1888.html

http://secunia.com/advisories/60047

http://secunia.com/advisories/60124

http://www.securitytracker.com/id/1030607

https://exchange.xforce.ibmcloud.com/vulnerabilities/94700

Related Vulnerabilities

CVE-2020-6831 Vulnerability in maven package org.webjars.npm:electron

CVE-2022-36881 Vulnerability in maven package org.jenkins-ci.plugins:git-client

CVE-2023-46652 Vulnerability in maven package org.jenkins-ci.plugins:lambdatest-automation

CVE-2022-34211 Vulnerability in maven package org.jenkins-ci.plugins:vmware-vrealize-orchestrator

CVE-2014-0248 Vulnerability in maven package org.jboss.seam:jboss-seam

Severity

Critical

Classification

CWE-200