CVE-2023-6194 (GCVE-0-2023-6194)
Vulnerability from cvelistv5 – Published: 2023-12-11 14:04 – Updated: 2024-08-02 08:21
VLAI?
Summary
In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit
document type definition (DTD) references to external entities.
This means that if a user chooses to use a malicious report definition XML file containing an external entity reference
to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.
Severity ?
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Eclipse Foundation | Eclipse Memory Analyzer (tools.mat) |
Affected:
0.7 , ≤ 1.14.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/15"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=582631"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Eclipse Memory Analyzer (tools.mat)",
"vendor": "Eclipse Foundation",
"versions": [
{
"lessThanOrEqual": "1.14.0",
"status": "affected",
"version": "0.7",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit\ndocument type definition (DTD) references to external entities.\nThis means that if a user chooses to use a malicious report definition XML file containing an external entity reference\nto generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.\u003cbr\u003e"
}
],
"value": "In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit\ndocument type definition (DTD) references to external entities.\nThis means that if a user chooses to use a malicious report definition XML file containing an external entity reference\nto generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-11T14:04:51.680Z",
"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"shortName": "eclipse"
},
"references": [
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/15"
},
{
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=582631"
},
{
"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/169"
}
],
"source": {
"discovery": "UNKNOWN"
},
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA workaround for Eclipse Memory Analyzer 1.14.0 and earlier is to run MAT with the following system properties set in MemoryAnalyzer.ini\u003c/p\u003e\n\u003cdiv\u003e\n\u003cpre\u003e\u003ccode\u003e-Djavax.xml.accessExternalSchema=\n-Djavax.xml.accessExternalDTD=\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "A workaround for Eclipse Memory Analyzer 1.14.0 and earlier is to run MAT with the following system properties set in MemoryAnalyzer.ini\n\n\n\n-Djavax.xml.accessExternalSchema=\n-Djavax.xml.accessExternalDTD=\n\n\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
"assignerShortName": "eclipse",
"cveId": "CVE-2023-6194",
"datePublished": "2023-12-11T14:04:51.680Z",
"dateReserved": "2023-11-17T16:32:44.668Z",
"dateUpdated": "2024-08-02T08:21:17.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-6194",
"date": "2026-05-15",
"epss": "0.0004",
"percentile": "0.12078"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-6194\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2023-12-11T14:15:31.847\",\"lastModified\":\"2024-11-21T08:43:19.773\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit\\ndocument type definition (DTD) references to external entities.\\nThis means that if a user chooses to use a malicious report definition XML file containing an external entity reference\\nto generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.\\n\"},{\"lang\":\"es\",\"value\":\"En las versiones 0.7 a 1.14.0 de Eclipse Memory Analyzer, los archivos XML de definici\u00f3n de informes no se filtran para prohibir las referencias de definici\u00f3n de tipo de documento (DTD) a entidades externas. Esto significa que si un usuario elige utilizar un archivo XML de definici\u00f3n de informe malicioso que contiene una referencia de entidad externa para generar un informe, Eclipse Memory Analyzer puede acceder a archivos externos o URL definidos mediante una DTD en la definici\u00f3n del informe.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":2.8,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.3,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:memory_analyzer:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.7\",\"versionEndIncluding\":\"1.14.0\",\"matchCriteriaId\":\"D500DCF6-D5A8-4B08-A627-9F57397C3FC2\"}]}]}],\"references\":[{\"url\":\"https://bugs.eclipse.org/bugs/show_bug.cgi?id=582631\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://gitlab.eclipse.org/security/cve-assignement/-/issues/15\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/169\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://bugs.eclipse.org/bugs/show_bug.cgi?id=582631\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://gitlab.eclipse.org/security/cve-assignement/-/issues/15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/169\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…