CVE-2019-17634 is a vulnerability in Eclipse Memory Analyzer
Published on January 17, 2020

Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross-site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must choose to download and open the malicious heap dump and then generate an HTML report for the problem to occur. The heap dump could be specially crafted, or could come from a crafted application or from an application processing malicious data. The vulnerability is present when a report is generated and opened from the Memory Analyzer graphical user interface, or when a report generated in batch mode is then opened in Memory Analyzer or by a web browser. The vulnerability could possibly allow code execution on the local system when the report is opened in Memory Analyzer.

NVD

Weakness Type

What is an XSS Vulnerability?

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVE-2019-17634 has been classified as an XSS vulnerability or weakness.
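The description above and the weakness definition both come down to the same defect: a string read from the heap dump (a class name, a field value) is concatenated into the generated HTML report without being neutralized. The following Java program is an added example, not code from Eclipse Memory Analyzer or from the CVE record, and it does not use the MAT API. It shows the vulnerable concatenation next to a hardened version that entity-escapes the untrusted value, and a small check a reviewer can run over generated cells. The class name `HeapReportEscapeDemo`, the helper names and the sample heap strings are all constructed for this illustration (Java 9 or later for `List.of`).

```java
import java.util.List;

// Added example: why heap-dump-derived strings must be HTML-escaped before
// they are written into a generated report. Not Eclipse MAT code.
public class HeapReportEscapeDemo {

    // Constructed sample of values a report generator might read from a heap dump.
    static final List<String> SAMPLE_HEAP_STRINGS = List.of(
        "java.lang.String",              // ordinary class name
        "com.example.Order<T>",          // angle brackets in a legitimate name
        "<script>alert(1)</script>",     // hypothetical attacker-planted String value
        "O'Reilly & \"Sons\""            // quotes and ampersand
    );

    // Vulnerable pattern: the untrusted value goes straight into the markup.
    static String unsafeCell(String fromHeap) {
        return "<td>" + fromHeap + "</td>";
    }

    // Minimal HTML entity escaping, valid for element text and quoted attribute values.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Hardened pattern: same cell, value escaped before concatenation.
    static String safeCell(String fromHeap) {
        return "<td>" + escapeHtml(fromHeap) + "</td>";
    }

    // Review check: does anything between the <td> tags still carry raw angle brackets?
    static boolean leaksMarkup(String cellHtml) {
        String inner = cellHtml.substring("<td>".length(),
                                          cellHtml.length() - "</td>".length());
        return inner.indexOf('<') >= 0 || inner.indexOf('>') >= 0;
    }

    public static void main(String[] args) {
        for (String s : SAMPLE_HEAP_STRINGS) {
            String unsafe = unsafeCell(s);
            String safe = safeCell(s);
            System.out.println("unsafe: " + unsafe + "   leaksMarkup=" + leaksMarkup(unsafe));
            System.out.println("safe:   " + safe + "   leaksMarkup=" + leaksMarkup(safe));
        }
    }
}
```

Running the program shows that both the attacker-planted value and the legitimate generic type name `Order<T>` leak raw markup through `unsafeCell`, while `safeCell` renders them as inert text. The escaping here covers element text and quoted attributes only; a value emitted inside a `<script>` block, a URL or a CSS context needs context-specific encoding, and the safest option for a report generator is a templating library that applies it automatically. The page states that the fix shipped in version 1.9.2; upgrading is the remediation for affected installations.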


Products Associated with CVE-2019-17634


Affected Versions

The Eclipse Foundation Eclipse Memory Analyzer: all versions prior to version 1.9.2 are affected by CVE-2019-17634.

Exploit Probability

EPSS: 1.28%
Percentile: 79.38%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.