VDB
CVE-2019-9628
CVE-2019-9628
PUBLISHED
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
EPSS 0.80% · 74.4th percentile
Risk Scores
EPSS Score
0.80%
74.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | xmltooling | 0, 1.6.0-5, 1.6.0-5build1 |
| Ubuntu:14.04:LTS | xmltooling | 1.5.3-2+deb8u3build0.14.04.1, 0, 1.5.3-2 |
| Ubuntu:16.04:LTS | xmltooling | 1.5.6-2ubuntu0.1, 0, 1.5.3-2.1ubuntu2 |
Exploit Intelligence
- https://shibboleth.net/community/advisories/secadv_20190311.txt (circl)
- USN-3921-1 (circl)
- https://wiki.shibboleth.net/confluence/display/SP3/SecurityAdvisories (circl)
- https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1819912 (circl)
- openSUSE-SU-2019:1235 (circl)
- openSUSE-SU-2019:1276 (circl)
- https://security.netapp.com/advisory/ntap-20190611-0003/ (circl)
Timeline
- Mar 12, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-9628 third-party-advisory
- https://shibboleth.net/community/advisories/secadv_20190311.txt third-party-advisory
- https://issues.shibboleth.net/jira/browse/CPPXT-143 third-party-advisory
- https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commit;h=af27c422f551e16989ff6f1722d83614c8550eb5 third-party-advisory
- https://ubuntu.com/security/notices/USN-3921-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-9628 third-party-advisory