Details of VAR-202005-1054

ID

VAR-202005-1054

CVE

CVE-2020-10683

TITLE

dom4j In XML External entity vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-004997

DESCRIPTION

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j. dom4j To XML There is a vulnerability in an external entity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. dom4j is an open source framework for processing XML. A code issue vulnerability exists in dom4j versions prior to 2.0.3 and 2.1.x versions prior to 2.1.3. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse 7.8.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/ 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update Advisory ID: RHSA-2020:3461-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:3461 Issue date: 2020-08-17 CVE Names: CVE-2019-14900 CVE-2020-1710 CVE-2020-1748 CVE-2020-10672 CVE-2020-10673 CVE-2020-10683 CVE-2020-10687 CVE-2020-10693 CVE-2020-10714 CVE-2020-10718 CVE-2020-10740 CVE-2020-14297 ===================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss EAP 7.3 for RHEL 6 Server - noarch 3. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.2 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.1, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.2 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API (CVE-2020-10718) * dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683) * wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714) * wildfly-undertow: Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests (CVE-2020-10687) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673) * hibernate-core: hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900) * wildfly: unsafe deserialization in Wildfly Enterprise Java Beans (CVE-2020-10740) * jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672) * undertow: EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710) * hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693) * wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748) * wildfly: Some EJB transaction objects may get accumulated causing Denial of Service (CVE-2020-14297) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1785049 - CVE-2020-10687 Undertow: Incomplete fix for CVE-2017-2666 due to permitting invalid characters in HTTP requests 1793970 - CVE-2020-1710 EAP: field-name is not parsed in accordance to RFC7230 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1815470 - CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1815495 - CVE-2020-10672 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1828476 - CVE-2020-10718 wildfly: exposed setting of TCCL via the EmbeddedManagedProcess API 1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans 1853595 - CVE-2020-14297 wildfly: Some EJB transaction objects may get accumulated causing Denial of Service 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-18793 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.16 to 5.3.17 JBEAP-19095 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.20 to 1.0.21 JBEAP-19134 - (7.3.z) Upgrade HAL from 3.2.8.Final-redhat-00001 to 3.2.9.Final JBEAP-19185 - (7.3.z) Upgrade IronJacamar from 1.4.20.Final to 1.4.22.Final JBEAP-19203 - (7.3.z) WFCORE-4850 - Updating mockserver to 5.9.0. Exclusion of dependency from xom.io7m JBEAP-19205 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.x JBEAP-19269 - [GSS](7.3.z) Upgrade jboss-logmanager from 2.1.14.Final to 2.1.15.Final JBEAP-19322 - (7.3.z) Upgrade XNIO from 3.7.7 to 3.7.8.SP1 JBEAP-19325 - (7.3.z) Upgrade Infinispan from 9.4.18.Final-redhat-00001 to 9.4.19.Final-redhat-00001 JBEAP-19397 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP09-redhat-00001 to 2.3.9.SP11-redhat-00001 JBEAP-19409 - Tracker bug for the EAP 7.3.2 release for RHEL-6 JBEAP-19529 - (7.3.z) Update PR template to include PR-processor hints. JBEAP-19564 - [GSS](7.3.z) Upgrade jboss-ejb-client from 4.0.31.Final-redhat-00001 to 4.0.33.Final-redhat-00001 JBEAP-19585 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.4 to 2.0.6 JBEAP-19617 - (7.3.z) Upgrade wildfly-naming-client from 1.0.12.Final-redhat-00001 to 1.0.13.Final-redhat-00001 JBEAP-19619 - (7.3.z) Upgrade JBoss JSF API from 3.0.0.SP02-redhat-00001 to 3.0.0.SP04-redhat-00001 JBEAP-19673 - (7.3.z) [WFCORE] Upgrade WildFly Common to 1.5.2.Final JBEAP-19674 - (7.3.z) [WFCORE] Upgrade galleon and wildfly-galleon-plugins from 4.1.2.Final to 4.2.4.Final JBEAP-19874 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.21.Final-redhat-00001 to 1.0.22.Final-redhat-00001 7. Package List: Red Hat JBoss EAP 7.3 for RHEL 6 Server: Source: eap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.src.rpm eap7-elytron-web-1.6.2-1.Final_redhat_00001.1.el6eap.src.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.src.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.src.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.src.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.src.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-jaxrs-providers-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.src.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.src.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.src.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.src.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.src.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.src.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.src.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.src.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.src.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.src.rpm eap7-wildfly-http-client-1.0.22-1.Final_redhat_00001.1.el6eap.src.rpm noarch: eap7-dom4j-2.1.3-1.redhat_00001.1.el6eap.noarch.rpm eap7-glassfish-jsf-2.3.9-11.SP11_redhat_00001.1.el6eap.noarch.rpm eap7-hal-console-3.2.9-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-core-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-entitymanager-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-envers-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-java8-5.3.17-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-validator-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-hibernate-validator-cdi-6.0.20-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-jdbc-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-cachestore-remote-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-client-hotrod-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-core-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-commons-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-spi-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-infinispan-hibernate-cache-v53-9.4.19-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-common-spi-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-api-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-core-impl-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-deployers-common-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-jdbc-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-ironjacamar-validator-1.4.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jackson-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-core-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-databind-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jdk8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-datatype-jsr310-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-jaxrs-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-jaxrs-json-provider-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-module-jaxb-annotations-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-base-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jackson-modules-java8-2.10.4-1.redhat_00001.1.el6eap.noarch.rpm eap7-jboss-genericjms-2.0.6-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-jsf-api_2.3_spec-3.0.0-4.SP04_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-logmanager-2.1.15-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-jboss-server-migration-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-core-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.1-7.Final_redhat_00009.1.el6eap.noarch.rpm eap7-jboss-xnio-base-3.7.8-1.SP1_redhat_00001.1.el6eap.noarch.rpm eap7-netty-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-netty-all-4.1.48-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-2.0.30-4.SP4_redhat_00001.1.el6eap.noarch.rpm eap7-undertow-server-1.6.2-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-common-1.5.2-1.Final_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-elytron-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.7-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-client-common-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-ejb-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-naming-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-http-transaction-client-1.0.22-1.Final_redhat_00001.1.el6eap.noarch.rpm eap7-wildfly-javadocs-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm eap7-wildfly-modules-7.3.2-4.GA_redhat_00002.1.el6eap.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2019-14900 https://access.redhat.com/security/cve/CVE-2020-1710 https://access.redhat.com/security/cve/CVE-2020-1748 https://access.redhat.com/security/cve/CVE-2020-10672 https://access.redhat.com/security/cve/CVE-2020-10673 https://access.redhat.com/security/cve/CVE-2020-10683 https://access.redhat.com/security/cve/CVE-2020-10687 https://access.redhat.com/security/cve/CVE-2020-10693 https://access.redhat.com/security/cve/CVE-2020-10714 https://access.redhat.com/security/cve/CVE-2020-10718 https://access.redhat.com/security/cve/CVE-2020-10740 https://access.redhat.com/security/cve/CVE-2020-14297 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXzqIS9zjgjWX9erEAQjYNxAAk4rojlcRbfjwu0wlWLTU1MbxQNclVtVh MpQnFzyvJVVXX0lslx7NGxHlRNWRgqI/XC1QDqlHpRs4du5/a2Uj+8c5u+WPQefF QCqOvSntbMli42/I7+fCehLVofx/HkuAVcBoGrIGby1E4rddDljh4bH3r43I7wa5 HN9ki8uFAy8bIAzfXW+RB4rxtnsAABv/VFoH1fWmrXCXE6A6aG+AU86ddty0JQHN JhQp6v/X/3ccCvHYTAO8vlbqIJ4fE86e1+5oRBor+4ZD4mMVzGKm4cf8CMPXsKIB 9dFGo8WHFBgEi4hBbBFtFfaE2DGZ6K4Q7X0IAhiiYJmpPg8NgzGiqVvOAG+/OrBz DE84ZPxZwS1zR82wwIyHP4W5mYIhQTxhtp+E9Klu4gpFIAmK8bVfGf2Ub0HOCS6z sbN1Eiv0SBfWRHBfBkuRTBd0aEcmGRNl4GSXzXtanTf0OhFk/4pxdJPmKDEBFWvg 3dtwFi7+/8JoAch8GKQCo4UoSo6etQu45sUH6Q8ozuxYA72+J9K7cpwp/fVhiYRT nruC+2HDuugrC8UVJ/24E++49omdSXAm+UR9tvkFdVU3IpXLJNWO8s4QbrGC7CN7 Lvg/ukygGhrEEyQ1J9yYSeeNISQWJGOSKj/bgYRAh/AbX/QcZZfus7ppAasNjndn Bk4PSTq9yaw= =ZNiG -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. Description: Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. Description: Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications

Trust: 2.34

sources: NVD: CVE-2020-10683 // JVNDB: JVNDB-2020-004997 // VULHUB: VHN-163186 // PACKETSTORM: 160562 // PACKETSTORM: 158884 // PACKETSTORM: 159083 // PACKETSTORM: 158889 // PACKETSTORM: 159921 // PACKETSTORM: 158916 // PACKETSTORM: 159082

AFFECTED PRODUCTS

vendor:	dom4j	model:	dom4j	scope:	lt	version:	2.0.3	Trust: 1.0
vendor:	oracle	model:	utilities framework	scope:	eq	version:	4.4.0.0.0	Trust: 1.0
vendor:	netapp	model:	oncommand api services	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	retail order broker	scope:	eq	version:	18.0	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	gte	version:	18.1.0.0	Trust: 1.0
vendor:	oracle	model:	retail customer management and segmentation foundation	scope:	eq	version:	18.0	Trust: 1.0
vendor:	oracle	model:	retail order broker	scope:	eq	version:	19.0	Trust: 1.0
vendor:	oracle	model:	agile plm	scope:	eq	version:	9.3.5	Trust: 1.0
vendor:	oracle	model:	flexcube core banking	scope:	eq	version:	11.7.0	Trust: 1.0
vendor:	oracle	model:	retail order broker	scope:	eq	version:	19.1	Trust: 1.0
vendor:	oracle	model:	rapid planning	scope:	eq	version:	12.2	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	lte	version:	2.10.0	Trust: 1.0
vendor:	oracle	model:	health sciences information manager	scope:	eq	version:	3.0.1	Trust: 1.0
vendor:	oracle	model:	retail customer management and segmentation foundation	scope:	eq	version:	17.0	Trust: 1.0
vendor:	oracle	model:	utilities framework	scope:	eq	version:	4.2.0.3.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager base platform	scope:	eq	version:	13.4.0.0	Trust: 1.0
vendor:	oracle	model:	retail order broker	scope:	eq	version:	16.0	Trust: 1.0
vendor:	oracle	model:	data integrator	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	documaker	scope:	lte	version:	12.6.4	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	lte	version:	11.3.0	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	gte	version:	17.1.0.0	Trust: 1.0
vendor:	netapp	model:	snapcenter	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	webcenter portal	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	insurance policy administration j2ee	scope:	lte	version:	11.3.0	Trust: 1.0
vendor:	oracle	model:	flexcube core banking	scope:	eq	version:	11.10.0	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	lte	version:	17.12.17.1	Trust: 1.0
vendor:	oracle	model:	utilities framework	scope:	eq	version:	2.2.0.0.0	Trust: 1.0
vendor:	oracle	model:	rapid planning	scope:	eq	version:	12.1	Trust: 1.0
vendor:	oracle	model:	retail price management	scope:	eq	version:	14.1.3.0	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	lte	version:	8.2.2	Trust: 1.0
vendor:	oracle	model:	retail integration bus	scope:	eq	version:	16.0	Trust: 1.0
vendor:	oracle	model:	utilities framework	scope:	gte	version:	4.3.0.1.0	Trust: 1.0
vendor:	oracle	model:	banking platform	scope:	gte	version:	2.4.0	Trust: 1.0
vendor:	dom4j	model:	dom4j	scope:	lt	version:	2.1.3	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	lte	version:	8.1.0	Trust: 1.0
vendor:	oracle	model:	documaker	scope:	gte	version:	12.6.0	Trust: 1.0
vendor:	oracle	model:	webcenter portal	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	application testing suite	scope:	eq	version:	13.3.0.1	Trust: 1.0
vendor:	oracle	model:	enterprise data quality	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	gte	version:	11.1.0	Trust: 1.0
vendor:	oracle	model:	business process management suite	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	dom4j	model:	dom4j	scope:	gte	version:	2.1.0	Trust: 1.0
vendor:	oracle	model:	retail price management	scope:	eq	version:	16.0.3.0	Trust: 1.0
vendor:	oracle	model:	retail order broker	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	retail customer management and segmentation foundation	scope:	eq	version:	19.0	Trust: 1.0
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	oracle	model:	insurance policy administration j2ee	scope:	gte	version:	11.1.0	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	netapp	model:	oncommand workflow automation	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	utilities framework	scope:	eq	version:	4.4.0.2.0	Trust: 1.0
vendor:	oracle	model:	agile plm	scope:	eq	version:	9.3.3	Trust: 1.0
vendor:	oracle	model:	communications diameter signaling router	scope:	gte	version:	8.0.0	Trust: 1.0
vendor:	oracle	model:	utilities framework	scope:	eq	version:	4.2.0.2.0	Trust: 1.0
vendor:	oracle	model:	communications unified inventory management	scope:	eq	version:	7.3.0	Trust: 1.0
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	oracle	model:	webcenter portal	scope:	eq	version:	11.1.1.9.0	Trust: 1.0
vendor:	oracle	model:	retail customer management and segmentation foundation	scope:	eq	version:	16.0	Trust: 1.0
vendor:	netapp	model:	snapmanager	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	gte	version:	19.12.0.0	Trust: 1.0
vendor:	oracle	model:	storagetek tape analytics sw tool	scope:	eq	version:	2.3	Trust: 1.0
vendor:	oracle	model:	retail price management	scope:	eq	version:	15.0.3.0	Trust: 1.0
vendor:	oracle	model:	business process management suite	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	oracle	model:	enterprise data quality	scope:	eq	version:	11.1.1.9.0	Trust: 1.0
vendor:	oracle	model:	fusion middleware	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	endeca information discovery integrator	scope:	eq	version:	3.2.0	Trust: 1.0
vendor:	oracle	model:	flexcube core banking	scope:	eq	version:	11.8.0	Trust: 1.0
vendor:	oracle	model:	insurance rules palette	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	oracle	model:	retail integration bus	scope:	eq	version:	15.0	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	15.0.4	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	18.0.3	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	16.0.6	Trust: 1.0
vendor:	oracle	model:	communications unified inventory management	scope:	eq	version:	7.4.0	Trust: 1.0
vendor:	netapp	model:	snap creator framework	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	insurance policy administration j2ee	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	oracle	model:	jdeveloper	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	lte	version:	18.8.19.0	Trust: 1.0
vendor:	oracle	model:	communications application session controller	scope:	eq	version:	3.9m0p1	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	lte	version:	19.12.6.0	Trust: 1.0
vendor:	oracle	model:	financial services analytical applications infrastructure	scope:	gte	version:	8.0.6	Trust: 1.0
vendor:	oracle	model:	utilities framework	scope:	lte	version:	4.3.0.6.0	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	gte	version:	16.1.0.0	Trust: 1.0
vendor:	oracle	model:	health sciences empirica signal	scope:	eq	version:	9.0	Trust: 1.0
vendor:	oracle	model:	data integrator	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	oracle	model:	primavera p6 enterprise project portfolio management	scope:	lte	version:	16.2.20.1	Trust: 1.0
vendor:	oracle	model:	retail price management	scope:	eq	version:	14.0.3	Trust: 1.0
vendor:	oracle	model:	retail xstore point of service	scope:	eq	version:	17.0.4	Trust: 1.0
vendor:	oracle	model:	flexcube core banking	scope:	eq	version:	11.9.0	Trust: 1.0
vendor:	dom4j	model:	dom4j	scope:	eq	version:	2.1.3	Trust: 0.8
vendor:	red hat	model:	decision manager	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	jboss enterprise application platform	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	jboss enterprise application platform continuous delivery	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	process automation	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	jboss fuse	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	software collections	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	single sign-on	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-004997 // NVD: CVE-2020-10683

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-10683
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-004997
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202004-1133
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-163186
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2020-10683
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-004997
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-163186
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-10683
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-004997
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-163186 // JVNDB: JVNDB-2020-004997 // CNNVD: CNNVD-202004-1133 // NVD: CVE-2020-10683

PROBLEMTYPE DATA

problemtype:

CWE-611

Trust: 1.9

sources: VULHUB: VHN-163186 // JVNDB: JVNDB-2020-004997 // NVD: CVE-2020-10683

THREAT TYPE

remote

Trust: 1.2

sources: PACKETSTORM: 160562 // PACKETSTORM: 158884 // PACKETSTORM: 159083 // PACKETSTORM: 158889 // PACKETSTORM: 159921 // PACKETSTORM: 159082 // CNNVD: CNNVD-202004-1133

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202004-1133

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004997

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-163186

PATCH

title:	SAXReader uses system default XMLReader with its defaults. New factory method SAXReader.createDefault() sets more secure defaults.	url:	https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658	Trust: 0.8
title:	version-2.1.3	url:	https://github.com/dom4j/dom4j/releases/tag/version-2.1.3	Trust: 0.8
title:	Bug 1694235	url:	https://bugzilla.redhat.com/show_bug.cgi?id=1694235	Trust: 0.8
title:	dom4j Fixes for code issue vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=116859	Trust: 0.6

sources: JVNDB: JVNDB-2020-004997 // CNNVD: CNNVD-202004-1133

EXTERNAL IDS

db:	NVD	id:	CVE-2020-10683	Trust: 3.2
db:	PACKETSTORM	id:	159083	Trust: 0.8
db:	PACKETSTORM	id:	159921	Trust: 0.8
db:	PACKETSTORM	id:	160562	Trust: 0.8
db:	PACKETSTORM	id:	158916	Trust: 0.8
db:	JVNDB	id:	JVNDB-2020-004997	Trust: 0.8
db:	CNNVD	id:	CNNVD-202004-1133	Trust: 0.7
db:	PACKETSTORM	id:	158891	Trust: 0.7
db:	PACKETSTORM	id:	159544	Trust: 0.7
db:	PACKETSTORM	id:	159015	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2837	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4464	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2087	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2826	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1581	Trust: 0.6
db:	AUSCERT	id:	ESB-2023.3781	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3894	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2992	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3742	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3513	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3065	Trust: 0.6
db:	CS-HELP	id:	SB2021042542	Trust: 0.6
db:	CS-HELP	id:	SB2021072165	Trust: 0.6
db:	CS-HELP	id:	SB2022072096	Trust: 0.6
db:	CS-HELP	id:	SB2021042642	Trust: 0.6
db:	CS-HELP	id:	SB2021072747	Trust: 0.6
db:	NSFOCUS	id:	47453	Trust: 0.6
db:	PACKETSTORM	id:	158889	Trust: 0.2
db:	PACKETSTORM	id:	158884	Trust: 0.2
db:	PACKETSTORM	id:	159082	Trust: 0.2
db:	PACKETSTORM	id:	159081	Trust: 0.1
db:	PACKETSTORM	id:	158881	Trust: 0.1
db:	PACKETSTORM	id:	159080	Trust: 0.1
db:	PACKETSTORM	id:	159924	Trust: 0.1
db:	CNVD	id:	CNVD-2020-33467	Trust: 0.1
db:	VULHUB	id:	VHN-163186	Trust: 0.1

sources: VULHUB: VHN-163186 // JVNDB: JVNDB-2020-004997 // PACKETSTORM: 160562 // PACKETSTORM: 158884 // PACKETSTORM: 159083 // PACKETSTORM: 158889 // PACKETSTORM: 159921 // PACKETSTORM: 158916 // PACKETSTORM: 159082 // CNNVD: CNNVD-202004-1133 // NVD: CVE-2020-10683

REFERENCES

url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpujan2021.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpuoct2020.html	Trust: 2.3
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10683	Trust: 2.1
url:	https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658	Trust: 1.7
url:	https://github.com/dom4j/dom4j/releases/tag/version-2.1.3	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20200518-0002/	Trust: 1.7
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1694235	Trust: 1.7
url:	https://cheatsheetseries.owasp.org/cheatsheets/xml_external_entity_prevention_cheat_sheet.html	Trust: 1.7
url:	https://github.com/dom4j/dom4j/commits/version-2.0.3	Trust: 1.7
url:	https://github.com/dom4j/dom4j/issues/87	Trust: 1.7
url:	https://www.oracle.com//security-alerts/cpujul2021.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html	Trust: 1.7
url:	https://usn.ubuntu.com/4575-1/	Trust: 1.7
url:	https://access.redhat.com/security/cve/cve-2020-10683	Trust: 1.3
url:	https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3cdev.velocity.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3cdev.velocity.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3cnotifications.freemarker.apache.org%3e	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10683	Trust: 0.8
url:	https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3cnotifications.freemarker.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32@%3cdev.velocity.apache.org%3e	Trust: 0.7
url:	https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8@%3cdev.velocity.apache.org%3e	Trust: 0.7
url:	https://access.redhat.com/security/team/contact/	Trust: 0.7
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.7
url:	https://bugzilla.redhat.com/):	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10740	Trust: 0.6
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14900	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2019-14900	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-10740	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10693	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-10714	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10714	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-10693	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1748	Trust: 0.6
url:	https://access.redhat.com/security/cve/cve-2020-1748	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3513/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2023.3781	Trust: 0.6
url:	https://packetstormsecurity.com/files/160562/red-hat-security-advisory-2020-5568-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072096	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2992/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159544/ubuntu-security-notice-usn-4575-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4464/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2087/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159015/red-hat-security-advisory-2020-3585-01.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072165	Trust: 0.6
url:	https://packetstormsecurity.com/files/159921/red-hat-security-advisory-2020-4960-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2837/	Trust: 0.6
url:	https://www.ibm.com/support/pages/node/6525182	Trust: 0.6
url:	https://www.oracle.com/security-alerts/cpujul2021.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/158916/red-hat-security-advisory-2020-3501-01.html	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/47453	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3894/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1581/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletinibm-resilient-soar-is-using-components-with-known-vulnerabilities-dom4j-cve-2020-10683/	Trust: 0.6
url:	https://packetstormsecurity.com/files/158891/red-hat-security-advisory-2020-3463-01.html	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-jquery-spring-dom4j-mongodb-linux-kernel-targetcli-fb-jackson-node-js-and-apache-commons-affect-ibm-spectrum-protect-plus/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042542	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072747	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042642	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2826/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/dom4j-external-xml-entity-injection-via-saxreader-32161	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-dom4j-as-used-by-ibm-qradar-siem-contains-multiple-vulnerabilities-cve-2018-1000632-cve-2020-10683/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3742/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159083/red-hat-security-advisory-2020-3642-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3065/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1710	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-10672	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10687	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-10673	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10672	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-10687	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-1710	Trust: 0.5
url:	https://access.redhat.com/security/cve/cve-2020-10718	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10718	Trust: 0.5
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10673	Trust: 0.5
url:	https://issues.jboss.org/):	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14297	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2020-14297	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14307	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-14307	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17566	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11612	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2019-17566	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-11612	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-6950	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-9547	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-1695	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-9546	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9547	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-9548	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1695	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html-single/installation_guide/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9548	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-8840	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9546	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8840	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-6950	Trust: 0.2
url:	https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1719	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=jboss.fuse&version=7.8.0	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12406	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11973	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11972	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-2692	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9488	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1000873	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11989	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-13990	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11980	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11972	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1950	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12406	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11989	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3774	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0210	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11980	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1960	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0205	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1393	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11971	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1000873	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7226	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10219	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-9489	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14326	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13692	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0210	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10202	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10202	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13990	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3773	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-13692	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-11994	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10219	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11973	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1714	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-5398	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11777	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-13933	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12423	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-3774	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17638	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12423	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17638	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-2692	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19343	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11994	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11971	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19343	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:5568	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-3773	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0205	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11777	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3461	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3642	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3462	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-2875	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2934	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-2933	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1945	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1954	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1945	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2875	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-2934	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-2933	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions&product=rhdm&version=7.9.0	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.9/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1954	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4960	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-10758	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-10758	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3501	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1728	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1728	Trust: 0.1
url:	https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso&downloadtype=securitypatches&version=7.4	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3638	Trust: 0.1

CREDITS

Red Hat

Trust: 1.3

sources: PACKETSTORM: 160562 // PACKETSTORM: 158884 // PACKETSTORM: 159083 // PACKETSTORM: 158889 // PACKETSTORM: 159921 // PACKETSTORM: 158916 // PACKETSTORM: 159082 // CNNVD: CNNVD-202004-1133

SOURCES

db:	VULHUB	id:	VHN-163186
db:	JVNDB	id:	JVNDB-2020-004997
db:	PACKETSTORM	id:	160562
db:	PACKETSTORM	id:	158884
db:	PACKETSTORM	id:	159083
db:	PACKETSTORM	id:	158889
db:	PACKETSTORM	id:	159921
db:	PACKETSTORM	id:	158916
db:	PACKETSTORM	id:	159082
db:	CNNVD	id:	CNNVD-202004-1133
db:	NVD	id:	CVE-2020-10683

LAST UPDATE DATE

2024-09-18T22:39:49.706000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-163186	date:	2022-07-25T00:00:00
db:	JVNDB	id:	JVNDB-2020-004997	date:	2020-06-04T00:00:00
db:	CNNVD	id:	CNNVD-202004-1133	date:	2023-07-04T00:00:00
db:	NVD	id:	CVE-2020-10683	date:	2023-11-07T03:14:11.907

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-163186	date:	2020-05-01T00:00:00
db:	JVNDB	id:	JVNDB-2020-004997	date:	2020-06-04T00:00:00
db:	PACKETSTORM	id:	160562	date:	2020-12-16T18:17:52
db:	PACKETSTORM	id:	158884	date:	2020-08-17T17:34:41
db:	PACKETSTORM	id:	159083	date:	2020-09-07T16:39:48
db:	PACKETSTORM	id:	158889	date:	2020-08-17T17:43:07
db:	PACKETSTORM	id:	159921	date:	2020-11-06T15:06:03
db:	PACKETSTORM	id:	158916	date:	2020-08-19T16:44:13
db:	PACKETSTORM	id:	159082	date:	2020-09-07T16:39:28
db:	CNNVD	id:	CNNVD-202004-1133	date:	2020-04-15T00:00:00
db:	NVD	id:	CVE-2020-10683	date:	2020-05-01T19:15:12.927