Skip to main content

Mpxj

3 CVEs product

Monthly

CVE-2022-41954 LIB LOW PATCH Monitor

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Mpxj
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%
CVE-2020-35460 Maven MEDIUM PATCH This Month

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Path Traversal Mpxj Primavera Unifier
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2020-25020 Maven CRITICAL PATCH Act Now

MPXJ through 8.1.3 allows XXE attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Mpxj Primavera Unifier
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
EPSS 0% CVSS 3.3
LOW PATCH Monitor

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft +1
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Path Traversal Mpxj +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

MPXJ through 8.1.3 allows XXE attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Mpxj Primavera Unifier
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy