Is CVE-2018-1000632 actively exploited?

CVE-2018-1000632 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2018-1000632?

CVE-2018-1000632 has a CVSS score of 7.5 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

How do I patch CVE-2018-1000632?

Patch guidance is available from dom4j project security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2018-1000632.

Fix CVE-2018-1000632 - HIGH dom4j project dom4j

Q: Which products are affected by CVE-2018-1000632?

34 products: dom4j project dom4j, dom4j project dom4j, debian debian linux, oracle flexcube investor servicing, oracle flexcube investor servicing, and 29 more.

Description

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: high
Availability: none
Weaknesses: CWE-91

Metadata

Primary Vendor: DOM4J_PROJECT
Published: 8/20/2018
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

dom4j_project : dom4jdom4j_project : dom4jdebian : debian_linuxoracle : flexcube_investor_servicingoracle : flexcube_investor_servicingoracle : flexcube_investor_servicingoracle : flexcube_investor_servicingoracle : flexcube_investor_servicingoracle : primavera_p6_enterprise_project_portfolio_managementoracle : primavera_p6_enterprise_project_portfolio_managementoracle : primavera_p6_enterprise_project_portfolio_managementoracle : primavera_p6_enterprise_project_portfolio_managementoracle : rapid_planningoracle : rapid_planningoracle : retail_integration_busoracle : retail_integration_busoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkredhat : satelliteredhat : satellite_capsuleredhat : jboss_enterprise_application_platformredhat : jboss_enterprise_application_platformredhat : jboss_enterprise_application_platformredhat : jboss_enterprise_application_platformredhat : jboss_enterprise_application_platformnetapp : oncommand_workflow_automationnetapp : snap_creator_frameworknetapp : snapcenternetapp : snapmanagernetapp : snapmanager

Remediation Guidance

Executive Summary

View on NIST NVD