CVE-2014-8125
Improper Input Validation in Drools and jBPM
EPSS 0.96%
Description
XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.
How to fix CVE-2014-8125
To remediate CVE-2014-8125, upgrade each affected package to a fixed version listed below.
- Maven/org.drools:drools-core—upgrade to 6.2.0.Final or later
- Maven/org.jbpm:jbpm-bpmn2—upgrade to 6.2.0.Final or later
Is CVE-2014-8125 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Maven/org.drools:drools-core: from 0, < 6.2.0.Final
- Maven/org.jbpm:jbpm-bpmn2: from 0, < 6.2.0.Final