Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2020-10683

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
dom4j_project / dom4j 2.1.0 2.1.3
dom4j_project / dom4j - 2.0.3
oracle / insurance_policy_administration_j2ee 10.2.0 10.2.0.x
oracle / insurance_rules_palette 10.2.0 10.2.0.x
oracle / retail_integration_bus 15.0 15.0.x
oracle / webcenter_portal 12.2.1.3.0 12.2.1.3.0.x
oracle / webcenter_portal 11.1.1.9.0 11.1.1.9.0.x
oracle / utilities_framework 4.2.0.3.0 4.2.0.3.0.x
oracle / utilities_framework 4.2.0.2.0 4.2.0.2.0.x
oracle / utilities_framework 2.2.0.0.0 2.2.0.0.0.x
oracle / flexcube_core_banking 11.7.0 11.7.0.x
oracle / business_process_management_suite 12.2.1.3.0 12.2.1.3.0.x
oracle / endeca_information_discovery_integrator 3.2.0 3.2.0.x
oracle / application_testing_suite 13.3.0.1 13.3.0.1.x
oracle / retail_order_broker 15.0 15.0.x
oracle / retail_order_broker 16.0 16.0.x
oracle / retail_integration_bus 16.0 16.0.x
oracle / retail_customer_management_and_segmentation_foundation 16.0 16.0.x
oracle / retail_customer_management_and_segmentation_foundation 17.0 17.0.x
oracle / retail_customer_management_and_segmentation_foundation 18.0 18.0.x
oracle / enterprise_data_quality 12.2.1.3.0 12.2.1.3.0.x
oracle / data_integrator 12.2.1.3.0 12.2.1.3.0.x
oracle / utilities_framework 4.4.0.0.0 4.4.0.0.0.x
oracle / agile_plm 9.3.3 9.3.3.x
oracle / agile_plm 9.3.5 9.3.5.x
oracle / communications_unified_inventory_management 7.4.0 7.4.0.x
oracle / fusion_middleware 12.2.1.4.0 12.2.1.4.0.x
oracle / financial_services_analytical_applications_infrastructure 8.0.6 8.1.0.x
oracle / webcenter_portal 12.2.1.4.0 12.2.1.4.0.x
oracle / primavera_p6_enterprise_project_portfolio_management 17.1.0.0 17.12.17.1.x
oracle / primavera_p6_enterprise_project_portfolio_management 16.1.0.0 16.2.20.1.x
oracle / primavera_p6_enterprise_project_portfolio_management 18.1.0.0 18.8.19.0.x
oracle / enterprise_manager_base_platform 13.4.0.0 13.4.0.0.x
oracle / rapid_planning 12.1 12.1.x
oracle / rapid_planning 12.2 12.2.x
oracle / primavera_p6_enterprise_project_portfolio_management 19.12.0.0 19.12.6.0.x
oracle / utilities_framework 4.3.0.1.0 4.3.0.6.0.x
oracle / utilities_framework 4.4.0.2.0 4.4.0.2.0.x
oracle / retail_customer_management_and_segmentation_foundation 19.0 19.0.x
oracle / communications_diameter_signaling_router 8.0.0 8.2.2.x
oracle / jdeveloper 12.2.1.4.0 12.2.1.4.0.x
oracle / communications_unified_inventory_management 7.3.0 7.3.0.x
oracle / communications_application_session_controller 3.9m0p1 3.9m0p1.x
oracle / data_integrator 12.2.1.4.0 12.2.1.4.0.x
oracle / enterprise_data_quality 11.1.1.9.0 11.1.1.9.0.x
oracle / health_sciences_information_manager 3.0.1 3.0.1.x
oracle / banking_platform 2.4.0 2.10.0.x
oracle / retail_order_broker 18.0 18.0.x
oracle / business_process_management_suite 12.2.1.4.0 12.2.1.4.0.x
oracle / insurance_rules_palette 10.2.4 10.2.4.x
oracle / insurance_rules_palette 11.0.2 11.0.2.x
oracle / insurance_policy_administration_j2ee 10.2.4 10.2.4.x
oracle / insurance_policy_administration_j2ee 11.0.2 11.0.2.x
oracle / retail_xstore_point_of_service 16.0.6 16.0.6.x
oracle / retail_xstore_point_of_service 17.0.4 17.0.4.x
oracle / retail_xstore_point_of_service 18.0.3 18.0.3.x
oracle / health_sciences_empirica_signal 9.0 9.0.x
oracle / insurance_rules_palette 11.1.0 11.3.0.x
oracle / retail_xstore_point_of_service 15.0.4 15.0.4.x
oracle / storagetek_tape_analytics_sw_tool 2.3 2.3.x
oracle / retail_price_management 14.0.3 14.0.3.x
oracle / retail_price_management 14.1.3.0 14.1.3.0.x
oracle / retail_price_management 15.0.3.0 15.0.3.0.x
oracle / retail_price_management 16.0.3.0 16.0.3.0.x
oracle / retail_order_broker 19.0 19.0.x
oracle / retail_order_broker 19.1 19.1.x
oracle / documaker 12.6.0 12.6.4.x
oracle / flexcube_core_banking 11.8.0 11.8.0.x
oracle / flexcube_core_banking 11.10.0 11.10.0.x
oracle / flexcube_core_banking 11.9.0 11.9.0.x
oracle / insurance_policy_administration_j2ee 11.1.0 11.3.0.x
opensuse / leap 15.1 15.1.x
canonical / ubuntu_linux 16.04 16.04.x
org.dom4j / dom4j - 2.0.3
org.dom4j / dom4j 2.1.0 2.1.3
dom4j / dom4j - 1.6.1.x