XXE Vulnerability in JnlpSupport in YAJSW 12.14: Remote Data Exfiltration and DoS

XXE Vulnerability in JnlpSupport in YAJSW 12.14: Remote Data Exfiltration and DoS

CVE-2020-6958 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service.

Learn more about our Web Application Penetration Testing UK.