CVE-2015-1818 — Vulnetix

Try Vulnetix Request Demo

CVE-2015-1818 PUBLISHED CVSS 7.5 HIGH

XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and have other unspecified impact via a crafted XML document.

EPSS 0.54% · 67.3th percentile

Risk Scores

CVSS v2.0

7.5

EPSS Score

0.54%

67.3th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
redhat	jboss_bpm_suite	0

Timeline

Aug 11, 2015 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

RHSA-2015:1539 vendor-advisory
RHSA-2015:1704 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2015-1818 advisory

Open in Interactive Console →