Vulnerability in Odata4j_project Odata4j
CVE-2014-0171
XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint.
EPSS: 0.004 (59.7th percentile) — read the EPSS interpretation.
Affected products
- Odata4j_project Odata4j
- Redhat Jboss_data_virtualization
- N/a — versions n/a
References
- RHSA-2015:0034 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Exploit)