Bonita-Connector-Webservice 1.3.0 XML XXE via SecureWSConnector (fixed 1.3.1)
CVE-2020-36640 Published on January 5, 2023
bonitasoft bonita-connector-webservice SecureWSConnector.java TransformerConfigurationException xml external entity reference
A vulnerability, which was classified as problematic, was found in bonitasoft bonita-connector-webservice up to 1.3.0. This affects the function TransformerConfigurationException of the file src/main/java/org/bonitasoft/connectors/ws/SecureWSConnector.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.1 is able to address this issue. The patch is named a12ad691c05af19e9061d7949b6b828ce48815d5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217443.
Timeline
Advisory disclosed
CVE reserved
VulDB entry created
VulDB entry last update 23 days later.
Weakness Type
What is a XXE Vulnerability?
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CVE-2020-36640 has been classified to as a XXE vulnerability or weakness.
Products Associated with CVE-2020-36640
Want to know whenever a new CVE is published for Bonitasoft Webservice Connector? stack.watch will email you.
Affected Versions
bonitasoft bonita-connector-webservice:- Version 1.0 is affected.
- Version 1.1 is affected.
- Version 1.2 is affected.
- Version 1.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.