Unrated severityNVD Advisory· Published Aug 11, 2015· Updated May 6, 2026

CVE-2015-1818

Description

XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and have other unspecified impact via a crafted XML document.

Affected products

Red Hat/Jboss Bpm Suite
cpe:2.3:a:redhat:jboss_bpm_suite:*:*:*:*:*:*:*:*
Range: <=6.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

rhn.redhat.com/errata/RHSA-2015-1539.htmlnvdVendor Advisory
rhn.redhat.com/errata/RHSA-2015-1704.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000