Description
In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser initialisation.
Remediation
References
http://www.securityfocus.com/bid/107844
https://bugs.eclipse.org/bugs/show_bug.cgi?id=545835
Related Vulnerabilities
CVE-2017-2609 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-47320 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web
CVE-2016-1000031 Vulnerability in maven package commons-fileupload:commons-fileupload