CVE-2024-55887
CVSS 3.1 Score 8.6 of 10 (high)
Details
Summary
CVE-2024-55887 is a vulnerability affecting the Ucum-java FHIR Java library, versions prior to 1.0.9. The UcumEssenceService in these versions is susceptible to XML External Entity (XXE) injections during parsing. Malicious DTD tags in processed XML files can lead to unintended data access from the host system. This issue poses a risk in use cases where Ucum-java is integrated with external clients that can submit XML data. To mitigate the risk, users are advised to upgrade to Ucum-java version 1.0.9 or ensure that all XML sources used with UcumEssenceService are trusted.