CVE-2023-6194 - OpenCVE

In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Eclipse	Memory Analyzer

Configuration 1 [-]

cpe:2.3:a:eclipse:memory_analyzer:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugs.eclipse.org/bugs/show_bug.cgi?id=582631
https://gitlab.eclipse.org/security/cve-assignement/-/issues/15
https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/169

History

No history.

MITRE

Status: PUBLISHED

Assigner: eclipse

Published: 2023-12-11T14:04:51.680Z

Updated: 2024-08-02T08:21:17.798Z

Reserved: 2023-11-17T16:32:44.668Z

Link: CVE-2023-6194

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-12-11T14:15:31.847

Modified: 2023-12-13T22:02:56.613

Link: CVE-2023-6194

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6194", "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "state": "PUBLISHED", "assignerShortName": "eclipse", "dateReserved": "2023-11-17T16:32:44.668Z", "datePublished": "2023-12-11T14:04:51.680Z", "dateUpdated": "2024-08-02T08:21:17.798Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Eclipse Memory Analyzer (tools.mat)", "vendor": "Eclipse Foundation", "versions": [{"lessThanOrEqual": "1.14.0", "status": "affected", "version": "0.7", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit\ndocument type definition (DTD) references to external entities.\nThis means that if a user chooses to use a malicious report definition XML file containing an external entity reference\nto generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.<br>"}], "value": "In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit\ndocument type definition (DTD) references to external entities.\nThis means that if a user chooses to use a malicious report definition XML file containing an external entity reference\nto generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Reference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse", "dateUpdated": "2023-12-11T14:04:51.680Z"}, "references": [{"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/15"}, {"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=582631"}, {"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/169"}], "source": {"discovery": "UNKNOWN"}, "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A workaround for Eclipse Memory Analyzer 1.14.0 and earlier is to run MAT with the following system properties set in MemoryAnalyzer.ini</p>\n<div>\n<pre><code>-Djavax.xml.accessExternalSchema=\n-Djavax.xml.accessExternalDTD=</code></pre></div><br>"}], "value": "A workaround for Eclipse Memory Analyzer 1.14.0 and earlier is to run MAT with the following system properties set in MemoryAnalyzer.ini\n\n\n\n-Djavax.xml.accessExternalSchema=\n-Djavax.xml.accessExternalDTD=\n\n\n\n\n"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:21:17.798Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/15", "tags": ["x_transferred"]}, {"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=582631", "tags": ["x_transferred"]}, {"url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/169", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:memory_analyzer:*:*:*:*:*:*:*:*", "matchCriteriaId": "D500DCF6-D5A8-4B08-A627-9F57397C3FC2", "versionEndIncluding": "1.14.0", "versionStartIncluding": "0.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit\ndocument type definition (DTD) references to external entities.\nThis means that if a user chooses to use a malicious report definition XML file containing an external entity reference\nto generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition.\n"}, {"lang": "es", "value": "En las versiones 0.7 a 1.14.0 de Eclipse Memory Analyzer, los archivos XML de definici\u00f3n de informes no se filtran para prohibir las referencias de definici\u00f3n de tipo de documento (DTD) a entidades externas. Esto significa que si un usuario elige utilizar un archivo XML de definici\u00f3n de informe malicioso que contiene una referencia de entidad externa para generar un informe, Eclipse Memory Analyzer puede acceder a archivos externos o URL definidos mediante una DTD en la definici\u00f3n del informe."}], "id": "CVE-2023-6194", "lastModified": "2023-12-13T22:02:56.613", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 1.4, "source": "emo@eclipse.org", "type": "Secondary"}]}, "published": "2023-12-11T14:15:31.847", "references": [{"source": "emo@eclipse.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=582631"}, {"source": "emo@eclipse.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/15"}, {"source": "emo@eclipse.org", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/169"}], "sourceIdentifier": "emo@eclipse.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-611"}], "source": "emo@eclipse.org", "type": "Secondary"}]}