critical
9.8
CWE
611
Advisory Published
CVE Published
CVE Published
Updated

CVE-2020-10683: XEE

First published: Fri Mar 29 2019(Updated: )

dom4j could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending specially crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
0:2.3.5-13.SP3_redhat_00011.1.el6ea
redhat/eap7-hal-console<0:3.0.23-1.Final_redhat_00001.1.el6ea
0:3.0.23-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.17-1.Final_redhat_00001.1.el6ea
0:5.3.17-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.20-1.Final_redhat_00001.1.el6ea
0:6.0.20-1.Final_redhat_00001.1.el6ea
redhat/eap7-ironjacamar<0:1.4.22-1.Final_redhat_00001.1.el6ea
0:1.4.22-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-databind<0:2.9.10.4-1.redhat_00001.1.el6ea
0:2.9.10.4-1.redhat_00001.1.el6ea
redhat/eap7-jboss-genericjms<0:2.0.6-1.Final_redhat_00001.1.el6ea
0:2.0.6-1.Final_redhat_00001.1.el6ea
redhat/eap7-jboss-logmanager<0:2.1.15-1.Final_redhat_00001.1.el6ea
0:2.1.15-1.Final_redhat_00001.1.el6ea
redhat/eap7-jboss-modules<0:1.8.10-1.Final_redhat_00001.1.el6ea
0:1.8.10-1.Final_redhat_00001.1.el6ea
redhat/eap7-jboss-server-migration<0:1.3.1-13.Final_redhat_00014.1.el6ea
0:1.3.1-13.Final_redhat_00014.1.el6ea
redhat/eap7-jboss-xnio-base<0:3.7.6-4.SP3_redhat_00001.1.el6ea
0:3.7.6-4.SP3_redhat_00001.1.el6ea
redhat/eap7-resteasy<0:3.6.1-10.SP9_redhat_00001.1.el6ea
0:3.6.1-10.SP9_redhat_00001.1.el6ea
redhat/eap7-undertow<0:2.0.30-4.SP4_redhat_00001.1.el6ea
0:2.0.30-4.SP4_redhat_00001.1.el6ea
redhat/eap7-weld-core<0:3.0.6-4.Final_redhat_00004.1.el6ea
0:3.0.6-4.Final_redhat_00004.1.el6ea
redhat/eap7-wildfly<0:7.2.9-4.GA_redhat_00003.1.el6ea
0:7.2.9-4.GA_redhat_00003.1.el6ea
redhat/eap7-wildfly-elytron<0:1.6.8-1.Final_redhat_00001.1.el6ea
0:1.6.8-1.Final_redhat_00001.1.el6ea
redhat/eap7-wildfly-http-client<0:1.0.22-1.Final_redhat_00001.1.el6ea
0:1.0.22-1.Final_redhat_00001.1.el6ea
redhat/eap7-wildfly-transaction-client<0:1.1.11-1.Final_redhat_00001.1.el6ea
0:1.1.11-1.Final_redhat_00001.1.el6ea
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el7ea
0:2.1.3-1.redhat_00001.1.el7ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el7ea
0:1.2.5-1.Final_redhat_00001.1.el7ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el7ea
0:2.3.5-13.SP3_redhat_00011.1.el7ea
redhat/eap7-hal-console<0:3.0.23-1.Final_redhat_00001.1.el7ea
0:3.0.23-1.Final_redhat_00001.1.el7ea
redhat/eap7-hibernate<0:5.3.17-1.Final_redhat_00001.1.el7ea
0:5.3.17-1.Final_redhat_00001.1.el7ea
redhat/eap7-hibernate-validator<0:6.0.20-1.Final_redhat_00001.1.el7ea
0:6.0.20-1.Final_redhat_00001.1.el7ea
redhat/eap7-ironjacamar<0:1.4.22-1.Final_redhat_00001.1.el7ea
0:1.4.22-1.Final_redhat_00001.1.el7ea
redhat/eap7-jackson-databind<0:2.9.10.4-1.redhat_00001.1.el7ea
0:2.9.10.4-1.redhat_00001.1.el7ea
redhat/eap7-jboss-genericjms<0:2.0.6-1.Final_redhat_00001.1.el7ea
0:2.0.6-1.Final_redhat_00001.1.el7ea
redhat/eap7-jboss-logmanager<0:2.1.15-1.Final_redhat_00001.1.el7ea
0:2.1.15-1.Final_redhat_00001.1.el7ea
redhat/eap7-jboss-modules<0:1.8.10-1.Final_redhat_00001.1.el7ea
0:1.8.10-1.Final_redhat_00001.1.el7ea
redhat/eap7-jboss-server-migration<0:1.3.1-13.Final_redhat_00014.1.el7ea
0:1.3.1-13.Final_redhat_00014.1.el7ea
redhat/eap7-jboss-xnio-base<0:3.7.6-4.SP3_redhat_00001.1.el7ea
0:3.7.6-4.SP3_redhat_00001.1.el7ea
redhat/eap7-resteasy<0:3.6.1-10.SP9_redhat_00001.1.el7ea
0:3.6.1-10.SP9_redhat_00001.1.el7ea
redhat/eap7-undertow<0:2.0.30-4.SP4_redhat_00001.1.el7ea
0:2.0.30-4.SP4_redhat_00001.1.el7ea
redhat/eap7-weld-core<0:3.0.6-4.Final_redhat_00004.1.el7ea
0:3.0.6-4.Final_redhat_00004.1.el7ea
redhat/eap7-wildfly<0:7.2.9-4.GA_redhat_00003.1.el7ea
0:7.2.9-4.GA_redhat_00003.1.el7ea
redhat/eap7-wildfly-elytron<0:1.6.8-1.Final_redhat_00001.1.el7ea
0:1.6.8-1.Final_redhat_00001.1.el7ea
redhat/eap7-wildfly-http-client<0:1.0.22-1.Final_redhat_00001.1.el7ea
0:1.0.22-1.Final_redhat_00001.1.el7ea
redhat/eap7-wildfly-transaction-client<0:1.1.11-1.Final_redhat_00001.1.el7ea
0:1.1.11-1.Final_redhat_00001.1.el7ea
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el8ea
0:2.1.3-1.redhat_00001.1.el8ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el8ea
0:1.2.5-1.Final_redhat_00001.1.el8ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el8ea
0:2.3.5-13.SP3_redhat_00011.1.el8ea
redhat/eap7-hal-console<0:3.0.23-1.Final_redhat_00001.1.el8ea
0:3.0.23-1.Final_redhat_00001.1.el8ea
redhat/eap7-hibernate<0:5.3.17-1.Final_redhat_00001.1.el8ea
0:5.3.17-1.Final_redhat_00001.1.el8ea
redhat/eap7-hibernate-validator<0:6.0.20-1.Final_redhat_00001.1.el8ea
0:6.0.20-1.Final_redhat_00001.1.el8ea
redhat/eap7-ironjacamar<0:1.4.22-1.Final_redhat_00001.1.el8ea
0:1.4.22-1.Final_redhat_00001.1.el8ea
redhat/eap7-jackson-databind<0:2.9.10.4-1.redhat_00001.1.el8ea
0:2.9.10.4-1.redhat_00001.1.el8ea
redhat/eap7-jboss-genericjms<0:2.0.6-1.Final_redhat_00001.1.el8ea
0:2.0.6-1.Final_redhat_00001.1.el8ea
redhat/eap7-jboss-logmanager<0:2.1.15-1.Final_redhat_00001.1.el8ea
0:2.1.15-1.Final_redhat_00001.1.el8ea
redhat/eap7-jboss-modules<0:1.8.10-1.Final_redhat_00001.1.el8ea
0:1.8.10-1.Final_redhat_00001.1.el8ea
redhat/eap7-jboss-server-migration<0:1.3.1-13.Final_redhat_00014.1.el8ea
0:1.3.1-13.Final_redhat_00014.1.el8ea
redhat/eap7-jboss-xnio-base<0:3.7.6-4.SP3_redhat_00001.1.el8ea
0:3.7.6-4.SP3_redhat_00001.1.el8ea
redhat/eap7-resteasy<0:3.6.1-10.SP9_redhat_00001.1.el8ea
0:3.6.1-10.SP9_redhat_00001.1.el8ea
redhat/eap7-undertow<0:2.0.30-4.SP4_redhat_00001.1.el8ea
0:2.0.30-4.SP4_redhat_00001.1.el8ea
redhat/eap7-weld-core<0:3.0.6-4.Final_redhat_00004.1.el8ea
0:3.0.6-4.Final_redhat_00004.1.el8ea
redhat/eap7-wildfly<0:7.2.9-4.GA_redhat_00003.1.el8ea
0:7.2.9-4.GA_redhat_00003.1.el8ea
redhat/eap7-wildfly-elytron<0:1.6.8-1.Final_redhat_00001.1.el8ea
0:1.6.8-1.Final_redhat_00001.1.el8ea
redhat/eap7-wildfly-http-client<0:1.0.22-1.Final_redhat_00001.1.el8ea
0:1.0.22-1.Final_redhat_00001.1.el8ea
redhat/eap7-wildfly-transaction-client<0:1.1.11-1.Final_redhat_00001.1.el8ea
0:1.1.11-1.Final_redhat_00001.1.el8ea
redhat/eap7-elytron-web<0:1.6.2-1.Final_redhat_00001.1.el6ea
0:1.6.2-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.9-11.SP11_redhat_00001.1.el6ea
0:2.3.9-11.SP11_redhat_00001.1.el6ea
redhat/eap7-hal-console<0:3.2.9-1.Final_redhat_00001.1.el6ea
0:3.2.9-1.Final_redhat_00001.1.el6ea
redhat/eap7-infinispan<0:9.4.19-1.Final_redhat_00001.1.el6ea
0:9.4.19-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-annotations<0:2.10.4-1.redhat_00001.1.el6ea
0:2.10.4-1.redhat_00001.1.el6ea
redhat/eap7-jackson-core<0:2.10.4-1.redhat_00001.1.el6ea
0:2.10.4-1.redhat_00001.1.el6ea
redhat/eap7-jackson-databind<0:2.10.4-1.redhat_00001.1.el6ea
0:2.10.4-1.redhat_00001.1.el6ea
redhat/eap7-jackson-jaxrs-providers<0:2.10.4-1.redhat_00001.1.el6ea
0:2.10.4-1.redhat_00001.1.el6ea
redhat/eap7-jackson-modules-base<0:2.10.4-1.redhat_00001.1.el6ea
0:2.10.4-1.redhat_00001.1.el6ea
redhat/eap7-jackson-modules-java8<0:2.10.4-1.redhat_00001.1.el6ea
0:2.10.4-1.redhat_00001.1.el6ea
redhat/eap7-jboss-server-migration<0:1.7.1-7.Final_redhat_00009.1.el6ea
0:1.7.1-7.Final_redhat_00009.1.el6ea
redhat/eap7-jboss-xnio-base<0:3.7.8-1.SP1_redhat_00001.1.el6ea
0:3.7.8-1.SP1_redhat_00001.1.el6ea
redhat/eap7-netty<0:4.1.48-1.Final_redhat_00001.1.el6ea
0:4.1.48-1.Final_redhat_00001.1.el6ea
redhat/eap7-wildfly<0:7.3.2-4.GA_redhat_00002.1.el6ea
0:7.3.2-4.GA_redhat_00002.1.el6ea
redhat/eap7-wildfly-common<0:1.5.2-1.Final_redhat_00002.1.el6ea
0:1.5.2-1.Final_redhat_00002.1.el6ea
redhat/eap7-wildfly-elytron<0:1.10.7-1.Final_redhat_00001.1.el6ea
0:1.10.7-1.Final_redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.6.2-1.Final_redhat_00001.1.el7ea
0:1.6.2-1.Final_redhat_00001.1.el7ea
redhat/eap7-glassfish-jsf<0:2.3.9-11.SP11_redhat_00001.1.el7ea
0:2.3.9-11.SP11_redhat_00001.1.el7ea
redhat/eap7-hal-console<0:3.2.9-1.Final_redhat_00001.1.el7ea
0:3.2.9-1.Final_redhat_00001.1.el7ea
redhat/eap7-infinispan<0:9.4.19-1.Final_redhat_00001.1.el7ea
0:9.4.19-1.Final_redhat_00001.1.el7ea
redhat/eap7-jackson-annotations<0:2.10.4-1.redhat_00001.1.el7ea
0:2.10.4-1.redhat_00001.1.el7ea
redhat/eap7-jackson-core<0:2.10.4-1.redhat_00001.1.el7ea
0:2.10.4-1.redhat_00001.1.el7ea
redhat/eap7-jackson-databind<0:2.10.4-1.redhat_00001.1.el7ea
0:2.10.4-1.redhat_00001.1.el7ea
redhat/eap7-jackson-jaxrs-providers<0:2.10.4-1.redhat_00001.1.el7ea
0:2.10.4-1.redhat_00001.1.el7ea
redhat/eap7-jackson-modules-base<0:2.10.4-1.redhat_00001.1.el7ea
0:2.10.4-1.redhat_00001.1.el7ea
redhat/eap7-jackson-modules-java8<0:2.10.4-1.redhat_00001.1.el7ea
0:2.10.4-1.redhat_00001.1.el7ea
redhat/eap7-jboss-server-migration<0:1.7.1-7.Final_redhat_00009.1.el7ea
0:1.7.1-7.Final_redhat_00009.1.el7ea
redhat/eap7-jboss-xnio-base<0:3.7.8-1.SP1_redhat_00001.1.el7ea
0:3.7.8-1.SP1_redhat_00001.1.el7ea
redhat/eap7-netty<0:4.1.48-1.Final_redhat_00001.1.el7ea
0:4.1.48-1.Final_redhat_00001.1.el7ea
redhat/eap7-wildfly<0:7.3.2-4.GA_redhat_00002.1.el7ea
0:7.3.2-4.GA_redhat_00002.1.el7ea
redhat/eap7-wildfly-common<0:1.5.2-1.Final_redhat_00002.1.el7ea
0:1.5.2-1.Final_redhat_00002.1.el7ea
redhat/eap7-wildfly-elytron<0:1.10.7-1.Final_redhat_00001.1.el7ea
0:1.10.7-1.Final_redhat_00001.1.el7ea
redhat/eap7-elytron-web<0:1.6.2-1.Final_redhat_00001.1.el8ea
0:1.6.2-1.Final_redhat_00001.1.el8ea
redhat/eap7-glassfish-jsf<0:2.3.9-11.SP11_redhat_00001.1.el8ea
0:2.3.9-11.SP11_redhat_00001.1.el8ea
redhat/eap7-hal-console<0:3.2.9-1.Final_redhat_00001.1.el8ea
0:3.2.9-1.Final_redhat_00001.1.el8ea
redhat/eap7-infinispan<0:9.4.19-1.Final_redhat_00001.1.el8ea
0:9.4.19-1.Final_redhat_00001.1.el8ea
redhat/eap7-jackson-annotations<0:2.10.4-1.redhat_00001.1.el8ea
0:2.10.4-1.redhat_00001.1.el8ea
redhat/eap7-jackson-core<0:2.10.4-1.redhat_00001.1.el8ea
0:2.10.4-1.redhat_00001.1.el8ea
redhat/eap7-jackson-databind<0:2.10.4-1.redhat_00001.1.el8ea
0:2.10.4-1.redhat_00001.1.el8ea
redhat/eap7-jackson-jaxrs-providers<0:2.10.4-1.redhat_00001.1.el8ea
0:2.10.4-1.redhat_00001.1.el8ea
redhat/eap7-jackson-modules-base<0:2.10.4-1.redhat_00001.1.el8ea
0:2.10.4-1.redhat_00001.1.el8ea
redhat/eap7-jackson-modules-java8<0:2.10.4-1.redhat_00001.1.el8ea
0:2.10.4-1.redhat_00001.1.el8ea
redhat/eap7-jboss-server-migration<0:1.7.1-7.Final_redhat_00009.1.el8ea
0:1.7.1-7.Final_redhat_00009.1.el8ea
redhat/eap7-jboss-xnio-base<0:3.7.8-1.SP1_redhat_00001.1.el8ea
0:3.7.8-1.SP1_redhat_00001.1.el8ea
redhat/eap7-netty<0:4.1.48-1.Final_redhat_00001.1.el8ea
0:4.1.48-1.Final_redhat_00001.1.el8ea
redhat/eap7-wildfly<0:7.3.2-4.GA_redhat_00002.1.el8ea
0:7.3.2-4.GA_redhat_00002.1.el8ea
redhat/eap7-wildfly-common<0:1.5.2-1.Final_redhat_00002.1.el8ea
0:1.5.2-1.Final_redhat_00002.1.el8ea
redhat/eap7-wildfly-elytron<0:1.10.7-1.Final_redhat_00001.1.el8ea
0:1.10.7-1.Final_redhat_00001.1.el8ea
redhat/dom4j<2.0.3
2.0.3
redhat/dom4j<2.1.3
2.1.3
IBM CLM<=6.0.6.1
IBM CLM<=6.0.6
IBM ELM<=7.0.2
IBM ELM<=7.0
IBM ELM<=7.0.1
IBM Engineering Requirements Quality Assistant<=1.0
IBM Engineering Requirements Quality Assistant On-Premises<=All
IBM EWM<=7.0.2
IBM EWM<=7.0.1
IBM RTC<=6.0.2
IBM RTC<=6.0.6.1
IBM EWM<=7.0
IBM RTC<=6.0.6
IBM Engineering Systems Design Rhapsody<=All
IBM DOORS Next<=7.0.2
IBM DOORS Next<=7.0
IBM DOORS Next<=7.0.1
IBM RDNG<=6.0.6.1
IBM RDNG<=6.0.6
ubuntu/dom4j<1.6.1+dfsg.3-2ubuntu1.1
1.6.1+dfsg.3-2ubuntu1.1
debian/dom4j
2.1.3-1
2.1.3-2
2.1.4-1
dom4j<2.0.3
dom4j>=2.1.0<2.1.3
Oracle Agile PLM=9.3.3
Oracle Agile PLM=9.3.5
Oracle Application Testing Suite=13.3.0.1
oracle banking platform>=2.4.0<=2.10.0
Oracle Business Process Management Suite=12.2.1.3.0
Oracle Business Process Management Suite=12.2.1.4.0
Oracle Communications Application Session Controller=3.9m0p1
Oracle Communications Diameter Signaling Router>=8.0.0<=8.2.2
Oracle Communications Unified Inventory Management=7.3.0
Oracle Communications Unified Inventory Management=7.4.0
Oracle Data Integrator=12.2.1.3.0
Oracle Data Integrator=12.2.1.4.0
Oracle Documaker>=12.6.0<=12.6.4
Oracle Endeca Information Discovery Integrator=3.2.0
Oracle Enterprise Data Quality=11.1.1.9.0
Oracle Enterprise Data Quality=12.2.1.3.0
Oracle Enterprise Manager Base Platform=13.4.0.0
Oracle Financial Services Analytical Applications Infrastructure>=8.0.6<=8.1.0
Oracle FLEXCUBE Core Banking=11.7.0
Oracle FLEXCUBE Core Banking=11.8.0
Oracle FLEXCUBE Core Banking=11.9.0
Oracle FLEXCUBE Core Banking=11.10.0
Oracle Fusion Middleware=12.2.1.4.0
Oracle Health Sciences Empirica Signal=9.0
Oracle Health Sciences Information Manager=3.0.1
Oracle Insurance Policy Administration J2EE>=11.1.0<=11.3.0
Oracle Insurance Policy Administration J2EE=10.2.0
Oracle Insurance Policy Administration J2EE=10.2.4
Oracle Insurance Policy Administration J2EE=11.0.2
Oracle Insurance Rules Palette>=11.1.0<=11.3.0
Oracle Insurance Rules Palette=10.2.0
Oracle Insurance Rules Palette=10.2.4
Oracle Insurance Rules Palette=11.0.2
Oracle JDeveloper=12.2.1.4.0
Oracle Primavera P6 Enterprise Project Portfolio Management>=16.1.0.0<=16.2.20.1
Oracle Primavera P6 Enterprise Project Portfolio Management>=17.1.0.0<=17.12.17.1
Oracle Primavera P6 Enterprise Project Portfolio Management>=18.1.0.0<=18.8.19.0
Oracle Primavera P6 Enterprise Project Portfolio Management>=19.12.0.0<=19.12.6.0
Oracle Rapid Planning=12.1
Oracle Rapid Planning=12.2
Oracle Customer Management and Segmentation Foundation=16.0
Oracle Customer Management and Segmentation Foundation=17.0
Oracle Customer Management and Segmentation Foundation=18.0
Oracle Customer Management and Segmentation Foundation=19.0
Oracle Retail Integration Bus=15.0
Oracle Retail Integration Bus=16.0
Oracle Retail Order Broker=15.0
Oracle Retail Order Broker=16.0
Oracle Retail Order Broker=18.0
Oracle Retail Order Broker=19.0
Oracle Retail Order Broker=19.1
Oracle Retail Pricing=14.0.3
Oracle Retail Pricing=14.1.3.0
Oracle Retail Pricing=15.0.3.0
Oracle Retail Pricing=16.0.3.0
Oracle Retail Xstore Office Cloud Service=15.0.4
Oracle Retail Xstore Office Cloud Service=16.0.6
Oracle Retail Xstore Office Cloud Service=17.0.4
Oracle Retail Xstore Office Cloud Service=18.0.3
Oracle Storagetek Tape Analytics=2.3
Oracle Utilities Framework>=4.3.0.1.0<=4.3.0.6.0
Oracle Utilities Framework=2.2.0.0.0
Oracle Utilities Framework=4.2.0.2.0
Oracle Utilities Framework=4.2.0.3.0
Oracle Utilities Framework=4.4.0.0.0
Oracle Utilities Framework=4.4.0.2.0
Oracle WebCenter Portal=11.1.1.9.0
Oracle WebCenter Portal=12.2.1.3.0
Oracle WebCenter Portal=12.2.1.4.0
openSUSE=15.1
NetApp OnCommand API Services
NetApp OnCommand Workflow Automation
NetApp Snap Creator Framework
NetApp SnapCenter
netapp snapmanager Oracle
netapp snapmanager sap
Ubuntu Linux=16.04
Ubuntu=16.04

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=1694235

Remedy

https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658

Remedy

https://github.com/dom4j/dom4j/commits/version-2.0.3

Remedy

https://www.oracle.com//security-alerts/cpujul2021.html

Remedy

https://www.oracle.com/security-alerts/cpuApr2021.html

Remedy

https://www.oracle.com/security-alerts/cpujan2021.html

Remedy

https://www.oracle.com/security-alerts/cpuoct2020.html

Remedy

https://www.oracle.com/security-alerts/cpuoct2021.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the severity of CVE-2020-10683?

    CVE-2020-10683 is rated as critical due to its potential to allow a remote authenticated attacker to access sensitive information through an XML external entity (XXE) error.

  • How do I fix CVE-2020-10683?

    To remediate CVE-2020-10683, you should upgrade the affected dom4j version to 2.1.3 or later.

  • What software is affected by CVE-2020-10683?

    CVE-2020-10683 affects multiple Red Hat packages that utilize the dom4j library, including eap7-dom4j and others.

  • Can CVE-2020-10683 be exploited without authentication?

    No, CVE-2020-10683 requires that the attacker be an authenticated user to exploit the vulnerability.

  • What types of attacks are possible due to CVE-2020-10683?

    Exploitation of CVE-2020-10683 may allow attackers to conduct data exfiltration attacks through crafted XML inputs.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203