XXE Vulnerability in Eclipse Kura Versions up to 4.0.0

XXE Vulnerability in Eclipse Kura Versions up to 4.0.0

CVE-2019-10244 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser initialisation.

Learn more about our Web App Pen Testing.