Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-v6hn-ktd8-n7an
Vulnerability ID VCID-v6hn-ktd8-n7an
Aliases CVE-2013-6440
GHSA-v723-58jv-2qc4
Summary Exposure of Sensitive Information to an Unauthorized Actor in OpenSAML The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-611 Improper Restriction of XML External Entity Reference
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0170.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0171.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0172.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0195.html
epss 0.0075 https://api.first.org/data/v1/epss?cve=CVE-2013-6440
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=1043332
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-v723-58jv-2qc4
generic_textual MODERATE http://shibboleth.net/community/advisories/secadv_20131213.txt
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2013-6440
generic_textual MODERATE https://www.oracle.com/security-alerts/cpujan2022.html
Reference id Reference type URL
http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml
http://rhn.redhat.com/errata/RHSA-2014-0170.html
http://rhn.redhat.com/errata/RHSA-2014-0171.html
http://rhn.redhat.com/errata/RHSA-2014-0172.html
http://rhn.redhat.com/errata/RHSA-2014-0195.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6440.json
https://api.first.org/data/v1/epss?cve=CVE-2013-6440
https://bugzilla.redhat.com/show_bug.cgi?id=1043332
http://shibboleth.net/community/advisories/secadv_20131213.txt
https://nvd.nist.gov/vuln/detail/CVE-2013-6440
https://www.oracle.com/security-alerts/cpujan2022.html
CVE-2013-6440 https://bugzilla.redhat.com/CVE-2013-6440
GHSA-v723-58jv-2qc4 https://github.com/advisories/GHSA-v723-58jv-2qc4
RHSA-2014:0170 https://access.redhat.com/errata/RHSA-2014:0170
RHSA-2014:0171 https://access.redhat.com/errata/RHSA-2014:0171
RHSA-2014:0172 https://access.redhat.com/errata/RHSA-2014:0172
RHSA-2014:0195 https://access.redhat.com/errata/RHSA-2014:0195
RHSA-2014:0452 https://access.redhat.com/errata/RHSA-2014:0452
RHSA-2014:1290 https://access.redhat.com/errata/RHSA-2014:1290
RHSA-2014:1291 https://access.redhat.com/errata/RHSA-2014:1291
RHSA-2014:1995 https://access.redhat.com/errata/RHSA-2014:1995
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.73438
EPSS Score 0.0075
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T09:35:38.223881+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v723-58jv-2qc4/GHSA-v723-58jv-2qc4.json 38.6.0