Skip to main content
CVE-2019-10080 MEDIUM PATCH This Month

The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Apache Nifi
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2019-10083 MEDIUM PATCH This Month

When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nifi
NVD
CVSS 3.1
5.3
EPSS
2.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy