Vulnerability Details CVE-2019-10244
In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser initialisation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.018
EPSS Ranking 75.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2019-10244
-
cpe:2.3:a:eclipse:kura:-
-
cpe:2.3:a:eclipse:kura:0.7.0
-
cpe:2.3:a:eclipse:kura:0.7.1
-
cpe:2.3:a:eclipse:kura:1.0.0
-
cpe:2.3:a:eclipse:kura:1.1.0
-
cpe:2.3:a:eclipse:kura:1.1.1
-
cpe:2.3:a:eclipse:kura:1.1.2
-
cpe:2.3:a:eclipse:kura:1.2.0
-
cpe:2.3:a:eclipse:kura:1.2.1
-
cpe:2.3:a:eclipse:kura:1.2.2
-
cpe:2.3:a:eclipse:kura:1.3.0
-
cpe:2.3:a:eclipse:kura:1.4.0
-
cpe:2.3:a:eclipse:kura:2.0.0
-
cpe:2.3:a:eclipse:kura:2.0.1
-
cpe:2.3:a:eclipse:kura:2.0.2
-
cpe:2.3:a:eclipse:kura:2.1.0
-
cpe:2.3:a:eclipse:kura:3.0.0
-
cpe:2.3:a:eclipse:kura:3.1.0
-
cpe:2.3:a:eclipse:kura:3.1.1
-
cpe:2.3:a:eclipse:kura:3.2.0
-
cpe:2.3:a:eclipse:kura:4.0.0