CVE-2016-4216
First published: Wed Jul 13 2016(Updated: )
XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe XMP Toolkit | <=5.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-4216?
CVE-2016-4216 has a medium severity level due to potential unauthorized file access.
How do I fix CVE-2016-4216?
To remediate CVE-2016-4216, upgrade to Adobe XMP Toolkit for Java version 5.1.3 or later.
What types of attacks are possible with CVE-2016-4216?
CVE-2016-4216 allows remote attackers to perform XML External Entity (XXE) attacks which can lead to unauthorized file read.
Which versions of Adobe XMP Toolkit are affected by CVE-2016-4216?
CVE-2016-4216 affects Adobe XMP Toolkit for Java versions before 5.1.3.
Is user interaction required to exploit CVE-2016-4216?
No, exploitation of CVE-2016-4216 can occur remotely without user interaction.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe xmp toolkit
- version/adobe xmp toolkit/5.1.2