CVE-2019-10244
Published Apr 9, 2019
Last updated 5 years ago
Overview
- Description
- In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser initialisation.
- Source
- emo@eclipse.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:eclipse:kura:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8694467-C2A3-42A1-8BB7-6D038E2DDA89",
"versionEndIncluding": "4.0.0"
}
],
"operator": "OR"
}
]
}
]