Back to CVE Browser

CVE-2020-10990

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0990%

EPSS Percentile7.61th

PublishedMar 27, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component.

Affected Platforms (CPE)

📦

Accenture

Mercury

< 1.12.28

References & Advisories

🔗 https://github.com/Accenture/mercury/commit/f647a01347485d2afe3a0b735eab3d0121d61f46

🔗 https://github.com/Accenture/mercury/issues/13

🔗 https://github.com/Accenture/mercury/commit/f647a01347485d2afe3a0b735eab3d0121d61f46

🔗 https://github.com/Accenture/mercury/issues/13

Related Vulnerabilities

CVE-2007-137310.0

Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute...

CVE-2007-044610.0

Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8...

CVE-2004-251310.0

Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SE...

CVE-2020-227249.8

A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury Router MER1200 v1.0.1 and Mercury ...