XML External Entity (XXE) Vulnerability in JBPMBpmn2ResourceImpl in jbpm-designer

XML External Entity (XXE) Vulnerability in JBPMBpmn2ResourceImpl in jbpm-designer

CVE-2014-3682 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read arbitrary files and possibly have other unspecified impact by importing a crafted BPMN2 file.

Learn more about our External Network Penetration Testing.