Is CVE-2020-10683 actively exploited?

CVE-2020-10683 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2020-10683?

CVE-2020-10683 has a CVSS score of 9.8 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2020-10683?

Patch guidance is available from dom4j project security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2020-10683.

Fix CVE-2020-10683 - CRITICAL dom4j project dom4j

Q: Which products are affected by CVE-2020-10683?

79 products: dom4j project dom4j, dom4j project dom4j, oracle agile plm, oracle agile plm, oracle application testing suite, and 74 more.

Description

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-611 · XML External Entity (XXE)

Metadata

Primary Vendor: DOM4J_PROJECT
Published: 5/1/2020
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

dom4j_project : dom4jdom4j_project : dom4joracle : agile_plmoracle : agile_plmoracle : application_testing_suiteoracle : banking_platformoracle : business_process_management_suiteoracle : business_process_management_suiteoracle : communications_application_session_controlleroracle : communications_diameter_signaling_routeroracle : communications_unified_inventory_managementoracle : communications_unified_inventory_managementoracle : data_integratororacle : data_integratororacle : documakeroracle : endeca_information_discovery_integratororacle : enterprise_data_qualityoracle : enterprise_data_qualityoracle : enterprise_manager_base_platformoracle : financial_services_analytical_applications_infrastructureoracle : flexcube_core_bankingoracle : flexcube_core_bankingoracle : flexcube_core_bankingoracle : flexcube_core_bankingoracle : fusion_middlewareoracle : health_sciences_empirica_signaloracle : health_sciences_information_manageroracle : insurance_policy_administration_j2eeoracle : insurance_policy_administration_j2eeoracle : insurance_policy_administration_j2eeoracle : insurance_policy_administration_j2eeoracle : insurance_rules_paletteoracle : insurance_rules_paletteoracle : insurance_rules_paletteoracle : insurance_rules_paletteoracle : jdeveloperoracle : primavera_p6_enterprise_project_portfolio_managementoracle : primavera_p6_enterprise_project_portfolio_managementoracle : primavera_p6_enterprise_project_portfolio_managementoracle : primavera_p6_enterprise_project_portfolio_managementoracle : rapid_planningoracle : rapid_planningoracle : retail_customer_management_and_segmentation_foundationoracle : retail_customer_management_and_segmentation_foundationoracle : retail_customer_management_and_segmentation_foundationoracle : retail_customer_management_and_segmentation_foundationoracle : retail_integration_busoracle : retail_integration_busoracle : retail_order_brokeroracle : retail_order_brokeroracle : retail_order_brokeroracle : retail_order_brokeroracle : retail_order_brokeroracle : retail_price_managementoracle : retail_price_managementoracle : retail_price_managementoracle : retail_price_managementoracle : retail_xstore_point_of_serviceoracle : retail_xstore_point_of_serviceoracle : retail_xstore_point_of_serviceoracle : retail_xstore_point_of_serviceoracle : storagetek_tape_analytics_sw_tooloracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkoracle : utilities_frameworkoracle : webcenter_portaloracle : webcenter_portaloracle : webcenter_portalopensuse : leapnetapp : oncommand_api_servicesnetapp : oncommand_workflow_automationnetapp : snap_creator_frameworknetapp : snapcenternetapp : snapmanagernetapp : snapmanagercanonical : ubuntu_linux

Remediation Guidance

Executive Summary

View on NIST NVD