Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/37728?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37728?format=api", "vulnerability_id": "VCID-cdqt-rqpk-27cm", "summary": "Information Exposure\nThe `org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory` method in PicketLink expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.", "aliases": [ { "alias": "CVE-2014-3530" }, { "alias": "GHSA-2c9q-qwrc-f486" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63226?format=api", "purl": "pkg:maven/org.picketlink/picketlink-common@2.7.0.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-common@2.7.0.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/51930?format=api", "purl": "pkg:maven/org.picketlink/picketlink-fed-core@2.5.0.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@2.5.0.Final" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/199284?format=api", "purl": "pkg:maven/org.picketlink/picketlink-fed-core@1.0.0.CR1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.0.CR1" }, { "url": "http://public2.vulnerablecode.io/api/packages/199285?format=api", "purl": "pkg:maven/org.picketlink/picketlink-fed-core@1.0.0.GA", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.0.GA" }, { "url": "http://public2.vulnerablecode.io/api/packages/199286?format=api", "purl": "pkg:maven/org.picketlink/picketlink-fed-core@1.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/199287?format=api", "purl": "pkg:maven/org.picketlink/picketlink-fed-core@1.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/199288?format=api", "purl": "pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR1" }, { "url": "http://public2.vulnerablecode.io/api/packages/199289?format=api", "purl": "pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR2" }, { "url": "http://public2.vulnerablecode.io/api/packages/199290?format=api", "purl": "pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR3" }, { "url": "http://public2.vulnerablecode.io/api/packages/199291?format=api", "purl": "pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.CR4" }, { "url": "http://public2.vulnerablecode.io/api/packages/199292?format=api", "purl": "pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.final" }, { "url": "http://public2.vulnerablecode.io/api/packages/199293?format=api", "purl": "pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.SP1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.3.SP1" }, { "url": "http://public2.vulnerablecode.io/api/packages/199294?format=api", "purl": "pkg:maven/org.picketlink/picketlink-fed-core@1.0.4.final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@1.0.4.final" }, { "url": "http://public2.vulnerablecode.io/api/packages/199295?format=api", "purl": "pkg:maven/org.picketlink/picketlink-fed-core@2.0.0.final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@2.0.0.final" }, { "url": "http://public2.vulnerablecode.io/api/packages/199297?format=api", "purl": "pkg:maven/org.picketlink/picketlink-fed-core@2.0.1.1.final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@2.0.1.1.final" }, { "url": "http://public2.vulnerablecode.io/api/packages/199296?format=api", "purl": "pkg:maven/org.picketlink/picketlink-fed-core@2.0.1.final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@2.0.1.final" }, { "url": "http://public2.vulnerablecode.io/api/packages/199298?format=api", "purl": "pkg:maven/org.picketlink/picketlink-fed-core@2.0.2.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@2.0.2.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/51929?format=api", "purl": "pkg:maven/org.picketlink/picketlink-fed-core@2.0.3.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.picketlink/picketlink-fed-core@2.0.3.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/176269?format=api", "purl": "pkg:rpm/redhat/picketlink-federation@2.1.5-3_patch_01?arch=el6_5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/picketlink-federation@2.1.5-3_patch_01%3Farch=el6_5" }, { "url": "http://public2.vulnerablecode.io/api/packages/176267?format=api", "purl": "pkg:rpm/redhat/picketlink-federation@2.1.5-3_patch_01.ep5?arch=el4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/picketlink-federation@2.1.5-3_patch_01.ep5%3Farch=el4" }, { "url": "http://public2.vulnerablecode.io/api/packages/176268?format=api", "purl": "pkg:rpm/redhat/picketlink-federation@2.1.5-3_patch_01.ep5?arch=el5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/picketlink-federation@2.1.5-3_patch_01.ep5%3Farch=el5" }, { "url": "http://public2.vulnerablecode.io/api/packages/176270?format=api", "purl": "pkg:rpm/redhat/picketlink-federation@2.1.9-5.SP3_redhat_2.1.ep6?arch=el5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/picketlink-federation@2.1.9-5.SP3_redhat_2.1.ep6%3Farch=el5" }, { "url": "http://public2.vulnerablecode.io/api/packages/176271?format=api", "purl": "pkg:rpm/redhat/picketlink-federation@2.1.9-5.SP3_redhat_2.1.ep6?arch=el6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cdqt-rqpk-27cm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/picketlink-federation@2.1.9-5.SP3_redhat_2.1.ep6%3Farch=el6" } ], "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0883.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0883.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0884.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0884.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0885.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0885.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0886.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0886.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0091.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0091.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1888.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3530.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3530.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02131", "scoring_system": "epss", "scoring_elements": "0.8449", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3530" }, { "reference_url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1112987", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1112987" }, { "reference_url": "http://secunia.com/advisories/60047", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/60047" }, { "reference_url": "http://secunia.com/advisories/60124", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/60124" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94700", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94700" }, { "reference_url": "https://github.com/picketlink/picketlink", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/picketlink/picketlink" }, { "reference_url": "https://github.com/picketlink/picketlink/commit/8c78668e4f08cf3c4ed14d8a36d402dcf02cb057", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/picketlink/picketlink/commit/8c78668e4f08cf3c4ed14d8a36d402dcf02cb057" }, { "reference_url": "https://issues.jboss.org/browse/PLINK-509", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.jboss.org/browse/PLINK-509" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3530", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3530" }, { "reference_url": "http://www.securitytracker.com/id/1030607", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1030607" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112987", "reference_id": "1112987", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112987" }, { "reference_url": "https://bugzilla.redhat.com/CVE-2014-3530", "reference_id": "CVE-2014-3530", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/CVE-2014-3530" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0883", "reference_id": "RHSA-2014:0883", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0883" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0884", "reference_id": "RHSA-2014:0884", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0885", "reference_id": "RHSA-2014:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0886", "reference_id": "RHSA-2014:0886", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0886" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0897", "reference_id": "RHSA-2014:0897", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0897" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0898", "reference_id": "RHSA-2014:0898", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0898" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0910", "reference_id": "RHSA-2014:0910", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0910" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0091", "reference_id": "RHSA-2015:0091", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0091" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0234", "reference_id": "RHSA-2015:0234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0235", "reference_id": "RHSA-2015:0235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0675", "reference_id": "RHSA-2015:0675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0720", "reference_id": "RHSA-2015:0720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0765", "reference_id": "RHSA-2015:0765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1009", "reference_id": "RHSA-2015:1009", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1009" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1888", "reference_id": "RHSA-2015:1888", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1888" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 200, "name": "Exposure of Sensitive Information to an Unauthorized Actor", "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 611, "name": "Improper Restriction of XML External Entity Reference", "description": "The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cdqt-rqpk-27cm" }