Description

org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue.

Remediation

References

CVE-2014-3481

Related Vulnerabilities

Oracle JRE CVE-2022-21296 Vulnerability (CVE-2022-21296)

WordPress Plugin Mass Pages/Posts Creator Cross-Site Scripting (1.2.2)

IBM WebSEAL Improper Input Validation Vulnerability (CVE-2021-20496)

WordPress Plugin Elementor Website Builder Multiple Cross-Site Scripting Vulnerabilities (3.1.1)

WordPress Plugin WP-Testimonials SQL Injection (3.4.1)

Severity

Medium

Classification

CVE-2014-3481 CWE-200

Tags

Missing Update Known Vulnerabilities