What is the severity of CVE-2017-7545?

The severity of CVE-2017-7545 is considered to be critical due to its potential to allow unauthorized file access.

How do I fix CVE-2017-7545?

To fix CVE-2017-7545, you should upgrade to a patched version of the affected software, such as Red Hat Decision Manager 7.0 or jBPM 6.5.

Who is affected by CVE-2017-7545?

CVE-2017-7545 affects users of Red Hat Decision Manager 7.0, jBoss BPM Suite 6.4, and jBPM 6.5.

What type of vulnerability is CVE-2017-7545?

CVE-2017-7545 is an XML external entity (XXE) vulnerability that can be exploited to read local files.

Can CVE-2017-7545 lead to data theft?

Yes, CVE-2017-7545 can potentially allow attackers to read sensitive data from local files on the server.

Vulnerability/
CVE-2017-7545

medium

6.5

CWE

611

25/7/2017

26/7/2018

9/10/2019

CVE-2017-7545: XEE

First published: Tue Jul 25 2017(Updated: )

It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. A remote attacker could use this flaw to read files accessible to the user running the application server and, potentially, perform other more advanced XML eXternal Entity (XXE) attacks.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Red Hat Decision Manager	=7.0
Red Hat JBoss BPM Suite	=6.4
Red Hat jBPM	=6.5

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7545

Remedy

https://github.com/kiegroup/jbpm-designer/commit/a143f3b92a6a5a527d929d68c02a0c5d914ab81d

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-7545?
The severity of CVE-2017-7545 is considered to be critical due to its potential to allow unauthorized file access.
How do I fix CVE-2017-7545?
To fix CVE-2017-7545, you should upgrade to a patched version of the affected software, such as Red Hat Decision Manager 7.0 or jBPM 6.5.
Who is affected by CVE-2017-7545?
CVE-2017-7545 affects users of Red Hat Decision Manager 7.0, jBoss BPM Suite 6.4, and jBPM 6.5.
What type of vulnerability is CVE-2017-7545?
CVE-2017-7545 is an XML external entity (XXE) vulnerability that can be exploited to read local files.
Can CVE-2017-7545 lead to data theft?
Yes, CVE-2017-7545 can potentially allow attackers to read sensitive data from local files on the server.

agent/type
agent/remedy
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2017-7545
agent/last-modified-date
agent/references
agent/author
agent/weakness
agent/severity
agent/description
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/redhat
canonical/red hat decision manager
version/red hat decision manager/7.0
canonical/red hat jboss bpm suite
version/red hat jboss bpm suite/6.4
canonical/red hat jbpm
version/red hat jbpm/6.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.