CVE-2018-1000632
The MITRE CVE dictionary describes this issue as:
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
Find out more about CVE-2018-1000632 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 5.3 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity Impact | Low |
| Availability Impact | None |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Virtualization 4 | rhvm-appliance | Affected |
| Red Hat Subscription Asset Manager 1 | dom4j | Under investigation |
| Red Hat Software Collections for Red Hat Enterprise Linux | rh-java-common-dom4j | Affected |
| Red Hat Software Collections for Red Hat Enterprise Linux | rh-maven35-dom4j | Affected |
| Red Hat Single Sign-On 7 | dom4j | Under investigation |
| Red Hat Satellite 6 | dom4j | Affected |
| Red Hat Satellite 5 | dom4j | Under investigation |
| Red Hat OpenShift Application Runtimes 1.0 | springboot | Under investigation |
| Red Hat Mobile Application Platform On-Premise 4 | dom4j | Under investigation |
| Red Hat JBoss Web Server 3.0 | dom4j | Will not fix |
| Red Hat JBoss Operations Network 3 | dom4j | Under investigation |
| Red Hat JBoss Fuse Service Works 6 | dom4j | Under investigation |
| Red Hat JBoss Fuse 7 | dom4j | Under investigation |
| Red Hat JBoss Fuse 6 | dom4j | Under investigation |
| Red Hat JBoss Enterprise SOA Platform 5 | dom4j | Under investigation |
| Red Hat JBoss EWS 2 | dom4j | Will not fix |
| Red Hat JBoss EAP 7 | dom4j | Affected |
| Red Hat JBoss EAP 6 | dom4j | Affected |
| Red Hat JBoss EAP 5 | dom4j | Will not fix |
| Red Hat JBoss BRMS 6 | dom4j | Under investigation |
| Red Hat JBoss BRMS 5 | dom4j | Under investigation |
| Red Hat JBoss BPMS 6 | dom4j | Under investigation |
| Red Hat Enterprise Linux 7 | dom4j | Affected |
CVE description copyright © 2017, The MITRE Corporation