CVE-2019-17554 is a vulnerability in Apache Olingo
Published on December 4, 2019

The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Requests with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XML External Entity (XXE) attacks.

NVD


Products Associated with CVE-2019-17554


Affected Versions

Apache Olingo versions 4.0.0 to 4.6.0 are affected by CVE-2019-17554

Exploit Probability

EPSS: 52.53%
Percentile: 97.87%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.