Search
Find a vulnerability
Search criteria
4 vulnerabilities found for pdfreactor by realobjects
CVE-2019-12154 (GCVE-0-2019-12154)
Vulnerability from nvd – Published: 2019-06-11 20:35 – Updated: 2024-08-04 23:10
VLAI
EPSS
VEX
Summary
XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.pdfreactor.com/important-pdfreactor-s… | x_refsource_CONFIRM |
| https://www.pdfreactor.com/pdfreactor-10-maintena… | x_refsource_CONFIRM |
| https://blog.gdssecurity.com/labs/2019/5/28/ssrf-… | x_refsource_MISC |
Date Public
2019-05-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-05-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-11T20:35:33.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/",
"refsource": "CONFIRM",
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"name": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/",
"refsource": "CONFIRM",
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"name": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html",
"refsource": "MISC",
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12154",
"datePublished": "2019-06-11T20:35:34.000Z",
"dateReserved": "2019-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:10:30.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12153 (GCVE-0-2019-12153)
Vulnerability from nvd – Published: 2019-06-11 20:33 – Updated: 2024-08-04 23:10
VLAI
EPSS
VEX
Summary
Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.pdfreactor.com/important-pdfreactor-s… | x_refsource_CONFIRM |
| https://www.pdfreactor.com/pdfreactor-10-maintena… | x_refsource_CONFIRM |
| https://blog.gdssecurity.com/labs/2019/5/28/ssrf-… | x_refsource_MISC |
Date Public
2019-05-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-05-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-11T20:33:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/",
"refsource": "CONFIRM",
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"name": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/",
"refsource": "CONFIRM",
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"name": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html",
"refsource": "MISC",
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12153",
"datePublished": "2019-06-11T20:33:14.000Z",
"dateReserved": "2019-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:10:30.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12154 (GCVE-0-2019-12154)
Vulnerability from cvelistv5 – Published: 2019-06-11 20:35 – Updated: 2024-08-04 23:10
VLAI
EPSS
VEX
Summary
XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.pdfreactor.com/important-pdfreactor-s… | x_refsource_CONFIRM |
| https://www.pdfreactor.com/pdfreactor-10-maintena… | x_refsource_CONFIRM |
| https://blog.gdssecurity.com/labs/2019/5/28/ssrf-… | x_refsource_MISC |
Date Public
2019-05-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-05-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-11T20:35:33.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XXE in the XML parser library in RealObjects PDFreactor before 10.1.10722 allows attackers to supply malicious XML content in externally referenced resources, leading to disclosure of local file contents and/or denial of service conditions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/",
"refsource": "CONFIRM",
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"name": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/",
"refsource": "CONFIRM",
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"name": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html",
"refsource": "MISC",
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12154",
"datePublished": "2019-06-11T20:35:34.000Z",
"dateReserved": "2019-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:10:30.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12153 (GCVE-0-2019-12153)
Vulnerability from cvelistv5 – Published: 2019-06-11 20:33 – Updated: 2024-08-04 23:10
VLAI
EPSS
VEX
Summary
Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.pdfreactor.com/important-pdfreactor-s… | x_refsource_CONFIRM |
| https://www.pdfreactor.com/pdfreactor-10-maintena… | x_refsource_CONFIRM |
| https://blog.gdssecurity.com/labs/2019/5/28/ssrf-… | x_refsource_MISC |
Date Public
2019-05-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-05-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-11T20:33:14.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/",
"refsource": "CONFIRM",
"url": "https://www.pdfreactor.com/important-pdfreactor-security-advisory/"
},
{
"name": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/",
"refsource": "CONFIRM",
"url": "https://www.pdfreactor.com/pdfreactor-10-maintenance-release-10-1-10722-now-available/"
},
{
"name": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html",
"refsource": "MISC",
"url": "https://blog.gdssecurity.com/labs/2019/5/28/ssrf-and-xxe-vulnerabilities-in-pdfreactor.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12153",
"datePublished": "2019-06-11T20:33:14.000Z",
"dateReserved": "2019-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:10:30.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}