CyberSec.Space Logo
Back to CVE Browser

CVE-2014-2228

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1460%
EPSS Percentile19.12th
PublishedFeb 19, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.

Affected Platforms (CPE)

πŸ“¦
Talend

Restlet

<= 2.1.7
πŸ“¦
Talend

Restlet

= 2.2
πŸ“¦
Talend

Restlet

= 2.2
πŸ“¦
Talend

Restlet

= 2.2
πŸ“¦
Talend

Restlet

= 2.2
πŸ“¦
Talend

Restlet

= 2.2
πŸ“¦
Talend

Restlet

= 2.2
πŸ“¦
Talend

Restlet

= 2.2
πŸ“¦
Talend

Restlet

= 2.2
πŸ“¦
Talend

Restlet

= 2.2

References & Advisories

πŸ”— https://web.archive.org/web/20140425095352/http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Remote-code-execution-and-XML-Entity-Expansion-injection/ba-p/6403370
πŸ”— https://web.archive.org/web/20140425095352/http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Remote-code-execution-and-XML-Entity-Expansion-injection/ba-p/6403370

Related Vulnerabilities

CVE-2012-26567.5

An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtai...

CVE-2013-42217.5

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources us...

CVE-2013-42717.5

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, w...

CVE-2017-148687.5

Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack...