critical
9.8
CWE
611
Advisory Published
CVE Published
CVE Published
Updated

CVE-2020-10683: XEE

First published: Fri Mar 29 2019(Updated: )

dom4j could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending specially crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el6ea
0:2.1.3-1.redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el6ea
0:1.2.5-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el6ea
0:2.3.5-13.SP3_redhat_00011.1.el6ea
redhat/eap7-hal-console<0:3.0.23-1.Final_redhat_00001.1.el6ea
0:3.0.23-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.17-1.Final_redhat_00001.1.el6ea
0:5.3.17-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.20-1.Final_redhat_00001.1.el6ea
0:6.0.20-1.Final_redhat_00001.1.el6ea
redhat/eap7-ironjacamar<0:1.4.22-1.Final_redhat_00001.1.el6ea
0:1.4.22-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-databind<0:2.9.10.4-1.redhat_00001.1.el6ea
0:2.9.10.4-1.redhat_00001.1.el6ea
redhat/eap7-jboss-genericjms<0:2.0.6-1.Final_redhat_00001.1.el6ea
0:2.0.6-1.Final_redhat_00001.1.el6ea
redhat/eap7-jboss-logmanager<0:2.1.15-1.Final_redhat_00001.1.el6ea
0:2.1.15-1.Final_redhat_00001.1.el6ea
redhat/eap7-jboss-modules<0:1.8.10-1.Final_redhat_00001.1.el6ea
0:1.8.10-1.Final_redhat_00001.1.el6ea
redhat/eap7-jboss-server-migration<0:1.3.1-13.Final_redhat_00014.1.el6ea
0:1.3.1-13.Final_redhat_00014.1.el6ea
redhat/eap7-jboss-xnio-base<0:3.7.6-4.SP3_redhat_00001.1.el6ea
0:3.7.6-4.SP3_redhat_00001.1.el6ea
redhat/eap7-resteasy<0:3.6.1-10.SP9_redhat_00001.1.el6ea
0:3.6.1-10.SP9_redhat_00001.1.el6ea
redhat/eap7-undertow<0:2.0.30-4.SP4_redhat_00001.1.el6ea
0:2.0.30-4.SP4_redhat_00001.1.el6ea
redhat/eap7-weld-core<0:3.0.6-4.Final_redhat_00004.1.el6ea
0:3.0.6-4.Final_redhat_00004.1.el6ea
redhat/eap7-wildfly<0:7.2.9-4.GA_redhat_00003.1.el6ea
0:7.2.9-4.GA_redhat_00003.1.el6ea
redhat/eap7-wildfly-elytron<0:1.6.8-1.Final_redhat_00001.1.el6ea
0:1.6.8-1.Final_redhat_00001.1.el6ea
redhat/eap7-wildfly-http-client<0:1.0.22-1.Final_redhat_00001.1.el6ea
0:1.0.22-1.Final_redhat_00001.1.el6ea
redhat/eap7-wildfly-transaction-client<0:1.1.11-1.Final_redhat_00001.1.el6ea
0:1.1.11-1.Final_redhat_00001.1.el6ea
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el7ea
0:2.1.3-1.redhat_00001.1.el7ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el7ea
0:1.2.5-1.Final_redhat_00001.1.el7ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el7ea
0:2.3.5-13.SP3_redhat_00011.1.el7ea
redhat/eap7-hal-console<0:3.0.23-1.Final_redhat_00001.1.el7ea
0:3.0.23-1.Final_redhat_00001.1.el7ea
redhat/eap7-hibernate<0:5.3.17-1.Final_redhat_00001.1.el7ea
0:5.3.17-1.Final_redhat_00001.1.el7ea
redhat/eap7-hibernate-validator<0:6.0.20-1.Final_redhat_00001.1.el7ea
0:6.0.20-1.Final_redhat_00001.1.el7ea
redhat/eap7-ironjacamar<0:1.4.22-1.Final_redhat_00001.1.el7ea
0:1.4.22-1.Final_redhat_00001.1.el7ea
redhat/eap7-jackson-databind<0:2.9.10.4-1.redhat_00001.1.el7ea
0:2.9.10.4-1.redhat_00001.1.el7ea
redhat/eap7-jboss-genericjms<0:2.0.6-1.Final_redhat_00001.1.el7ea
0:2.0.6-1.Final_redhat_00001.1.el7ea
redhat/eap7-jboss-logmanager<0:2.1.15-1.Final_redhat_00001.1.el7ea
0:2.1.15-1.Final_redhat_00001.1.el7ea
redhat/eap7-jboss-modules<0:1.8.10-1.Final_redhat_00001.1.el7ea
0:1.8.10-1.Final_redhat_00001.1.el7ea
redhat/eap7-jboss-server-migration<0:1.3.1-13.Final_redhat_00014.1.el7ea
0:1.3.1-13.Final_redhat_00014.1.el7ea
redhat/eap7-jboss-xnio-base<0:3.7.6-4.SP3_redhat_00001.1.el7ea
0:3.7.6-4.SP3_redhat_00001.1.el7ea
redhat/eap7-resteasy<0:3.6.1-10.SP9_redhat_00001.1.el7ea
0:3.6.1-10.SP9_redhat_00001.1.el7ea
redhat/eap7-undertow<0:2.0.30-4.SP4_redhat_00001.1.el7ea
0:2.0.30-4.SP4_redhat_00001.1.el7ea
redhat/eap7-weld-core<0:3.0.6-4.Final_redhat_00004.1.el7ea
0:3.0.6-4.Final_redhat_00004.1.el7ea
redhat/eap7-wildfly<0:7.2.9-4.GA_redhat_00003.1.el7ea
0:7.2.9-4.GA_redhat_00003.1.el7ea
redhat/eap7-wildfly-elytron<0:1.6.8-1.Final_redhat_00001.1.el7ea
0:1.6.8-1.Final_redhat_00001.1.el7ea
redhat/eap7-wildfly-http-client<0:1.0.22-1.Final_redhat_00001.1.el7ea
0:1.0.22-1.Final_redhat_00001.1.el7ea
redhat/eap7-wildfly-transaction-client<0:1.1.11-1.Final_redhat_00001.1.el7ea
0:1.1.11-1.Final_redhat_00001.1.el7ea
redhat/eap7-dom4j<0:2.1.3-1.redhat_00001.1.el8ea
0:2.1.3-1.redhat_00001.1.el8ea
redhat/eap7-elytron-web<0:1.2.5-1.Final_redhat_00001.1.el8ea
0:1.2.5-1.Final_redhat_00001.1.el8ea
redhat/eap7-glassfish-jsf<0:2.3.5-13.SP3_redhat_00011.1.el8ea
0:2.3.5-13.SP3_redhat_00011.1.el8ea
redhat/eap7-hal-console<0:3.0.23-1.Final_redhat_00001.1.el8ea
0:3.0.23-1.Final_redhat_00001.1.el8ea
redhat/eap7-hibernate<0:5.3.17-1.Final_redhat_00001.1.el8ea
0:5.3.17-1.Final_redhat_00001.1.el8ea
redhat/eap7-hibernate-validator<0:6.0.20-1.Final_redhat_00001.1.el8ea
0:6.0.20-1.Final_redhat_00001.1.el8ea
redhat/eap7-ironjacamar<0:1.4.22-1.Final_redhat_00001.1.el8ea
0:1.4.22-1.Final_redhat_00001.1.el8ea
redhat/eap7-jackson-databind<0:2.9.10.4-1.redhat_00001.1.el8ea
0:2.9.10.4-1.redhat_00001.1.el8ea
redhat/eap7-jboss-genericjms<0:2.0.6-1.Final_redhat_00001.1.el8ea
0:2.0.6-1.Final_redhat_00001.1.el8ea
redhat/eap7-jboss-logmanager<0:2.1.15-1.Final_redhat_00001.1.el8ea
0:2.1.15-1.Final_redhat_00001.1.el8ea
redhat/eap7-jboss-modules<0:1.8.10-1.Final_redhat_00001.1.el8ea
0:1.8.10-1.Final_redhat_00001.1.el8ea
redhat/eap7-jboss-server-migration<0:1.3.1-13.Final_redhat_00014.1.el8ea
0:1.3.1-13.Final_redhat_00014.1.el8ea
redhat/eap7-jboss-xnio-base<0:3.7.6-4.SP3_redhat_00001.1.el8ea
0:3.7.6-4.SP3_redhat_00001.1.el8ea
redhat/eap7-resteasy<0:3.6.1-10.SP9_redhat_00001.1.el8ea
0:3.6.1-10.SP9_redhat_00001.1.el8ea
redhat/eap7-undertow<0:2.0.30-4.SP4_redhat_00001.1.el8ea
0:2.0.30-4.SP4_redhat_00001.1.el8ea
redhat/eap7-weld-core<0:3.0.6-4.Final_redhat_00004.1.el8ea
0:3.0.6-4.Final_redhat_00004.1.el8ea
redhat/eap7-wildfly<0:7.2.9-4.GA_redhat_00003.1.el8ea
0:7.2.9-4.GA_redhat_00003.1.el8ea
redhat/eap7-wildfly-elytron<0:1.6.8-1.Final_redhat_00001.1.el8ea
0:1.6.8-1.Final_redhat_00001.1.el8ea
redhat/eap7-wildfly-http-client<0:1.0.22-1.Final_redhat_00001.1.el8ea
0:1.0.22-1.Final_redhat_00001.1.el8ea
redhat/eap7-wildfly-transaction-client<0:1.1.11-1.Final_redhat_00001.1.el8ea
0:1.1.11-1.Final_redhat_00001.1.el8ea
redhat/eap7-elytron-web<0:1.6.2-1.Final_redhat_00001.1.el6ea
0:1.6.2-1.Final_redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.9-11.SP11_redhat_00001.1.el6ea
0:2.3.9-11.SP11_redhat_00001.1.el6ea
redhat/eap7-hal-console<0:3.2.9-1.Final_redhat_00001.1.el6ea
0:3.2.9-1.Final_redhat_00001.1.el6ea
redhat/eap7-infinispan<0:9.4.19-1.Final_redhat_00001.1.el6ea
0:9.4.19-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-annotations<0:2.10.4-1.redhat_00001.1.el6ea
0:2.10.4-1.redhat_00001.1.el6ea
redhat/eap7-jackson-core<0:2.10.4-1.redhat_00001.1.el6ea
0:2.10.4-1.redhat_00001.1.el6ea
redhat/eap7-jackson-databind<0:2.10.4-1.redhat_00001.1.el6ea
0:2.10.4-1.redhat_00001.1.el6ea
redhat/eap7-jackson-jaxrs-providers<0:2.10.4-1.redhat_00001.1.el6ea
0:2.10.4-1.redhat_00001.1.el6ea
redhat/eap7-jackson-modules-base<0:2.10.4-1.redhat_00001.1.el6ea
0:2.10.4-1.redhat_00001.1.el6ea
redhat/eap7-jackson-modules-java8<0:2.10.4-1.redhat_00001.1.el6ea
0:2.10.4-1.redhat_00001.1.el6ea
redhat/eap7-jboss-server-migration<0:1.7.1-7.Final_redhat_00009.1.el6ea
0:1.7.1-7.Final_redhat_00009.1.el6ea
redhat/eap7-jboss-xnio-base<0:3.7.8-1.SP1_redhat_00001.1.el6ea
0:3.7.8-1.SP1_redhat_00001.1.el6ea
redhat/eap7-netty<0:4.1.48-1.Final_redhat_00001.1.el6ea
0:4.1.48-1.Final_redhat_00001.1.el6ea
redhat/eap7-wildfly<0:7.3.2-4.GA_redhat_00002.1.el6ea
0:7.3.2-4.GA_redhat_00002.1.el6ea
redhat/eap7-wildfly-common<0:1.5.2-1.Final_redhat_00002.1.el6ea
0:1.5.2-1.Final_redhat_00002.1.el6ea
redhat/eap7-wildfly-elytron<0:1.10.7-1.Final_redhat_00001.1.el6ea
0:1.10.7-1.Final_redhat_00001.1.el6ea
redhat/eap7-elytron-web<0:1.6.2-1.Final_redhat_00001.1.el7ea
0:1.6.2-1.Final_redhat_00001.1.el7ea
redhat/eap7-glassfish-jsf<0:2.3.9-11.SP11_redhat_00001.1.el7ea
0:2.3.9-11.SP11_redhat_00001.1.el7ea
redhat/eap7-hal-console<0:3.2.9-1.Final_redhat_00001.1.el7ea
0:3.2.9-1.Final_redhat_00001.1.el7ea
redhat/eap7-infinispan<0:9.4.19-1.Final_redhat_00001.1.el7ea
0:9.4.19-1.Final_redhat_00001.1.el7ea
redhat/eap7-jackson-annotations<0:2.10.4-1.redhat_00001.1.el7ea
0:2.10.4-1.redhat_00001.1.el7ea
redhat/eap7-jackson-core<0:2.10.4-1.redhat_00001.1.el7ea
0:2.10.4-1.redhat_00001.1.el7ea
redhat/eap7-jackson-databind<0:2.10.4-1.redhat_00001.1.el7ea
0:2.10.4-1.redhat_00001.1.el7ea
redhat/eap7-jackson-jaxrs-providers<0:2.10.4-1.redhat_00001.1.el7ea
0:2.10.4-1.redhat_00001.1.el7ea
redhat/eap7-jackson-modules-base<0:2.10.4-1.redhat_00001.1.el7ea
0:2.10.4-1.redhat_00001.1.el7ea
redhat/eap7-jackson-modules-java8<0:2.10.4-1.redhat_00001.1.el7ea
0:2.10.4-1.redhat_00001.1.el7ea
redhat/eap7-jboss-server-migration<0:1.7.1-7.Final_redhat_00009.1.el7ea
0:1.7.1-7.Final_redhat_00009.1.el7ea
redhat/eap7-jboss-xnio-base<0:3.7.8-1.SP1_redhat_00001.1.el7ea
0:3.7.8-1.SP1_redhat_00001.1.el7ea
redhat/eap7-netty<0:4.1.48-1.Final_redhat_00001.1.el7ea
0:4.1.48-1.Final_redhat_00001.1.el7ea
redhat/eap7-wildfly<0:7.3.2-4.GA_redhat_00002.1.el7ea
0:7.3.2-4.GA_redhat_00002.1.el7ea
redhat/eap7-wildfly-common<0:1.5.2-1.Final_redhat_00002.1.el7ea
0:1.5.2-1.Final_redhat_00002.1.el7ea
redhat/eap7-wildfly-elytron<0:1.10.7-1.Final_redhat_00001.1.el7ea
0:1.10.7-1.Final_redhat_00001.1.el7ea
redhat/eap7-elytron-web<0:1.6.2-1.Final_redhat_00001.1.el8ea
0:1.6.2-1.Final_redhat_00001.1.el8ea
redhat/eap7-glassfish-jsf<0:2.3.9-11.SP11_redhat_00001.1.el8ea
0:2.3.9-11.SP11_redhat_00001.1.el8ea
redhat/eap7-hal-console<0:3.2.9-1.Final_redhat_00001.1.el8ea
0:3.2.9-1.Final_redhat_00001.1.el8ea
redhat/eap7-infinispan<0:9.4.19-1.Final_redhat_00001.1.el8ea
0:9.4.19-1.Final_redhat_00001.1.el8ea
redhat/eap7-jackson-annotations<0:2.10.4-1.redhat_00001.1.el8ea
0:2.10.4-1.redhat_00001.1.el8ea
redhat/eap7-jackson-core<0:2.10.4-1.redhat_00001.1.el8ea
0:2.10.4-1.redhat_00001.1.el8ea
redhat/eap7-jackson-databind<0:2.10.4-1.redhat_00001.1.el8ea
0:2.10.4-1.redhat_00001.1.el8ea
redhat/eap7-jackson-jaxrs-providers<0:2.10.4-1.redhat_00001.1.el8ea
0:2.10.4-1.redhat_00001.1.el8ea
redhat/eap7-jackson-modules-base<0:2.10.4-1.redhat_00001.1.el8ea
0:2.10.4-1.redhat_00001.1.el8ea
redhat/eap7-jackson-modules-java8<0:2.10.4-1.redhat_00001.1.el8ea
0:2.10.4-1.redhat_00001.1.el8ea
redhat/eap7-jboss-server-migration<0:1.7.1-7.Final_redhat_00009.1.el8ea
0:1.7.1-7.Final_redhat_00009.1.el8ea
redhat/eap7-jboss-xnio-base<0:3.7.8-1.SP1_redhat_00001.1.el8ea
0:3.7.8-1.SP1_redhat_00001.1.el8ea
redhat/eap7-netty<0:4.1.48-1.Final_redhat_00001.1.el8ea
0:4.1.48-1.Final_redhat_00001.1.el8ea
redhat/eap7-wildfly<0:7.3.2-4.GA_redhat_00002.1.el8ea
0:7.3.2-4.GA_redhat_00002.1.el8ea
redhat/eap7-wildfly-common<0:1.5.2-1.Final_redhat_00002.1.el8ea
0:1.5.2-1.Final_redhat_00002.1.el8ea
redhat/eap7-wildfly-elytron<0:1.10.7-1.Final_redhat_00001.1.el8ea
0:1.10.7-1.Final_redhat_00001.1.el8ea
redhat/dom4j<2.0.3
2.0.3
redhat/dom4j<2.1.3
2.1.3
ubuntu/dom4j<1.6.1+dfsg.3-2ubuntu1.1
1.6.1+dfsg.3-2ubuntu1.1
debian/dom4j
2.1.3-1
2.1.3-2
2.1.4-1
Dom4j<2.0.3
Dom4j>=2.1.0<2.1.3
Oracle Agile Product Lifecycle Management Framework=9.3.3
Oracle Agile Product Lifecycle Management Framework=9.3.5
Oracle Application Testing Suite=13.3.0.1
Oracle Banking Platform>=2.4.0<=2.10.0
Oracle Business Process Management Suite=12.2.1.3.0
Oracle Business Process Management Suite=12.2.1.4.0
Oracle Communications Application Session Controller=3.9m0p1
Oracle Communications Diameter Signaling Router>=8.0.0<=8.2.2
Oracle Communications Unified Inventory Management=7.3.0
Oracle Communications Unified Inventory Management=7.4.0
Oracle Data Integrator=12.2.1.3.0
Oracle Data Integrator=12.2.1.4.0
Oracle Documaker>=12.6.0<=12.6.4
Oracle Endeca Information Discovery Integrator=3.2.0
Oracle Enterprise Data Quality=11.1.1.9.0
Oracle Enterprise Data Quality=12.2.1.3.0
Oracle Enterprise Manager=13.4.0.0
Oracle Financial Services Analytical Applications Infrastructure>=8.0.6<=8.1.0
Oracle FLEXCUBE Core Banking=11.7.0
Oracle FLEXCUBE Core Banking=11.8.0
Oracle FLEXCUBE Core Banking=11.9.0
Oracle FLEXCUBE Core Banking=11.10.0
Oracle Fusion Middleware=12.2.1.4.0
Oracle Health Sciences Empirica Signal=9.0
Oracle Health Sciences Information Manager=3.0.1
Oracle Insurance Policy Administration>=11.1.0<=11.3.0
Oracle Insurance Policy Administration=10.2.0
Oracle Insurance Policy Administration=10.2.4
Oracle Insurance Policy Administration=11.0.2
Oracle Insurance Rules Palette>=11.1.0<=11.3.0
Oracle Insurance Rules Palette=10.2.0
Oracle Insurance Rules Palette=10.2.4
Oracle Insurance Rules Palette=11.0.2
Oracle JDeveloper=12.2.1.4.0
Oracle Primavera P6 Enterprise Project Portfolio Management>=16.1.0.0<=16.2.20.1
Oracle Primavera P6 Enterprise Project Portfolio Management>=17.1.0.0<=17.12.17.1
Oracle Primavera P6 Enterprise Project Portfolio Management>=18.1.0.0<=18.8.19.0
Oracle Primavera P6 Enterprise Project Portfolio Management>=19.12.0.0<=19.12.6.0
Oracle Rapid Planning=12.1
Oracle Rapid Planning=12.2
Oracle Customer Management and Segmentation Foundation=16.0
Oracle Customer Management and Segmentation Foundation=17.0
Oracle Customer Management and Segmentation Foundation=18.0
Oracle Customer Management and Segmentation Foundation=19.0
Oracle Retail Integration Bus=15.0
Oracle Retail Integration Bus=16.0
Oracle Retail Order Broker=15.0
Oracle Retail Order Broker=16.0
Oracle Retail Order Broker=18.0
Oracle Retail Order Broker=19.0
Oracle Retail Order Broker=19.1
Oracle Retail Pricing=14.0.3
Oracle Retail Pricing=14.1.3.0
Oracle Retail Pricing=15.0.3.0
Oracle Retail Pricing=16.0.3.0
Oracle Retail Xstore Office Cloud Service=15.0.4
Oracle Retail Xstore Office Cloud Service=16.0.6
Oracle Retail Xstore Office Cloud Service=17.0.4
Oracle Retail Xstore Office Cloud Service=18.0.3
Oracle Storagetek Tape Analytics=2.3
Oracle Utilities>=4.3.0.1.0<=4.3.0.6.0
Oracle Utilities=2.2.0.0.0
Oracle Utilities=4.2.0.2.0
Oracle Utilities=4.2.0.3.0
Oracle Utilities=4.4.0.0.0
Oracle Utilities=4.4.0.2.0
Oracle WebCenter Portal=11.1.1.9.0
Oracle WebCenter Portal=12.2.1.3.0
Oracle WebCenter Portal=12.2.1.4.0
SUSE Linux=15.1
NetApp OnCommand API Services
NetApp OnCommand Workflow Automation
NetApp Snap Creator Framework
NetApp SnapCenter
NetApp SnapManager for Oracle
NetApp SnapManager for SAP
Ubuntu=16.04
IBM Engineering Lifecycle Management<=6.0.6.1
IBM Engineering Lifecycle Management<=6.0.6
IBM Engineering Lifecycle Management (ELM)<=7.0.2
IBM Engineering Lifecycle Management (ELM)<=7.0
IBM Engineering Lifecycle Management (ELM)<=7.0.1
IBM Engineering Requirements Quality Assistant On-Premises<=1.0
IBM Engineering Requirements Quality Assistant<=All
IBM Engineering Workflow Management (EWM)<=7.0.2
IBM Engineering Workflow Management (EWM)<=7.0.1
IBM Rational Team Concert<=6.0.2
IBM Rational Team Concert<=6.0.6.1
IBM Engineering Workflow Management (EWM)<=7.0
IBM Rational Team Concert<=6.0.6
IBM Rhapsody<=All
IBM Rational DOORS Next Generation<=7.0.2
IBM Rational DOORS Next Generation<=7.0
IBM Rational DOORS Next Generation<=7.0.1
IBM Rational DOORS Next Generation<=6.0.6.1
IBM Rational DOORS Next Generation<=6.0.6

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=1694235

Remedy

https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658

Remedy

https://github.com/dom4j/dom4j/commits/version-2.0.3

Remedy

https://www.oracle.com//security-alerts/cpujul2021.html

Remedy

https://www.oracle.com/security-alerts/cpuApr2021.html

Remedy

https://www.oracle.com/security-alerts/cpujan2021.html

Remedy

https://www.oracle.com/security-alerts/cpuoct2020.html

Remedy

https://www.oracle.com/security-alerts/cpuoct2021.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the severity of CVE-2020-10683?

    CVE-2020-10683 is rated as critical due to its potential to allow a remote authenticated attacker to access sensitive information through an XML external entity (XXE) error.

  • How do I fix CVE-2020-10683?

    To remediate CVE-2020-10683, you should upgrade the affected dom4j version to 2.1.3 or later.

  • What software is affected by CVE-2020-10683?

    CVE-2020-10683 affects multiple Red Hat packages that utilize the dom4j library, including eap7-dom4j and others.

  • Can CVE-2020-10683 be exploited without authentication?

    No, CVE-2020-10683 requires that the attacker be an authenticated user to exploit the vulnerability.

  • What types of attacks are possible due to CVE-2020-10683?

    Exploitation of CVE-2020-10683 may allow attackers to conduct data exfiltration attacks through crafted XML inputs.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203