CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-12154

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.1610%
EPSS Percentile7.72th
Published2019年6月11日
Last Modified2024年11月21日

Vulnerability Description

XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions.

Affected Platforms (CPE)

📦
Realobjects

Pdfreactor

< 10.1.10722

References & Advisories

🔗 https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html
🔗 https://www.pdfreactor.com/important-pdfreactor-security-advisory/
🔗 https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/
🔗 https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html
🔗 https://www.pdfreactor.com/important-pdfreactor-security-advisory/
🔗 https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/

関連する脆弱性情報

CVE-2019-1215310.0

Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access netw...

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...

CVE-2019-623510.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12...