vulnerability
Red Hat JBoss EAP: CVE-2020-10683: Improper Restriction of XML External Entity Reference
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Apr 15, 2020 | Sep 19, 2024 | Jul 2, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Apr 15, 2020
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-611
- CVE-2020-10683
- https://attackerkb.com/topics/CVE-2020-10683
- URL-https://access.redhat.com/security/cve/CVE-2020-10683
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=1694235
- URL-https://access.redhat.com/errata/RHSA-2020:3461
- URL-https://access.redhat.com/errata/RHSA-2020:3462
- URL-https://access.redhat.com/errata/RHSA-2020:3463
- URL-https://access.redhat.com/errata/RHSA-2020:3464
- URL-https://access.redhat.com/errata/RHSA-2020:3637
- URL-https://access.redhat.com/errata/RHSA-2020:3638
- URL-https://access.redhat.com/errata/RHSA-2020:3639
- URL-https://access.redhat.com/errata/RHSA-2020:3642
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.