Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

SUSE-SU-2018:2861-1 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceSUSE-SU-2018:2861-1

SUSE-SU-2018:2861-1

MEDIUM6.1

Security update for dom4j

Published Sep 25, 2018

Modified 7 years ago

Fix available

Details

Description of the patch:

This update for dom4j fixes the following issues:

CVE-2018-1000632: Prevent XML injection vulnerability that allowed an attacker to tamper with XML documents (bsc#1105443)

Affected Packages

dom4j

SUSE Manager Server 3.0SUSE Manager Server 3.2

Fixed in:

1.6.1-27.4.1

References

https://bugzilla.suse.com/1105443

https://lists.suse.com/pipermail/sle-security-updates/2018-September/004599.html

https://www.suse.com/security/cve/CVE-2018-1000632/

https://www.suse.com/support/security/rating/

https://www.suse.com/support/update/announcement/2018/suse-su-20182861-1/

CVSS Analysis

CVSS v3.0

6.1

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

LowI:L

Availability

NoneA:N

6.1/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Upstream

CVE-2018-1000632

Ecosystems

SUSE Manager Server 3.0 SUSE Manager Server 3.2

Timeline

PublishedSep 25, 2018

ModifiedSep 25, 2018