{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-26T05:17:03.702","vulnerabilities":[{"cve":{"id":"CVE-2017-7464","sourceIdentifier":"secalert@redhat.com","published":"2018-07-27T12:29:00.287","lastModified":"2024-11-21T03:31:57.320","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"It was found that the JAXP implementation used in JBoss EAP 7.0 for SAX and DOM parsing is vulnerable to certain XXE flaws. An attacker could use this flaw to cause DoS, SSRF, or information disclosure if they are able to provide XML content for parsing."},{"lang":"es","value":"Se ha encontrado que la implementación de JAXP utilizada en JBoss EAP 7.0 para el análisis SAX y DOM es vulnerable a ciertas vulnerabilidades XXE. Un atacante podría utilizar este defecto para provocar DoS, SSRF, o la divulgación de información si son capaces de proporcionar contenido XML para el análisis."}],"metrics":{"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:H","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*","matchCriteriaId":"88BF3B2C-B121-483A-AEF2-8082F6DA5310"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/98450","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7464","source":"secalert@redhat.com","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/98450","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7464","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mitigation","Vendor Advisory"]}]}}]}