CVE-2019-10244

Summary

In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser initialisation.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse Kuraunspecified <= 4.0.0affected

Weaknesses

  • CWE-611: CWE-611: Improper Restriction of XML External Entity Reference ('XXE')

ADP Enrichment

CVE Program Container

Additional References

References