How severe is CVE-2024-55887?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2024-55887?

This is classified as CWE-611, which is a common weakness in software security.

CVE-2024-55887 - HIGH Severity | CVSS 8.6

Vulnerability Description

Ucum-java is a FHIR Java library providing UCUM Services. In versions prior to 1.0.9, XML parsing performed by the UcumEssenceService is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where ucum is being used to within a host where external clients can submit XML. Release 1.0.9 of Ucum-java fixes this vulnerability. As a workaround, ensure that the source xml for instantiating UcumEssenceService is trusted.

Related Vulnerabilities

CVE-2016-4264

HIGH

CVSS:8.6(High)

The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before Update 21 and 11 before Update 10 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via a craft...

CWE-6112016

CVE-2016-7051

HIGH

CVSS:8.6(High)

XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vec...

CWE-6112016

CVE-2016-9691

HIGH

CVSS:8.6(High)

IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploi...

CWE-6112016

CVE-2018-19244

HIGH

CVSS:8.6(High)

An XML External Entity (XXE) vulnerability exists in the Charles 4.2.7 import/export setup option. If a user imports a "Charles Settings.xml" file from an attacker, an intranet network may be accessed...

CWE-6112018

CVE-2018-19858

HIGH

CVSS:8.6(High)

PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceX...

CWE-6112018

CVE-2021-3869

HIGH

CVSS:8.6(High)

corenlp is vulnerable to Improper Restriction of XML External Entity Reference

CWE-6112021