{"api_version":"1","generated_at":"2026-04-22T21:37:59+00:00","cve":"CVE-2019-10244","urls":{"html":"https://cve.report/CVE-2019-10244","api":"https://cve.report/api/cve/CVE-2019-10244.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-10244","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-10244"},"summary":{"title":"CVE-2019-10244","description":"In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser initialisation.","state":"PUBLIC","assigner":"security@eclipse.org","published_at":"2019-04-09 16:29:00","updated_at":"2019-10-09 23:44:00"},"problem_types":["CWE-611"],"metrics":[],"references":[{"url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=545835","name":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=545835","refsource":"CONFIRM","tags":["Issue Tracking","Vendor Advisory"],"title":"545835 – (CVE-2019-10244) Possible XXE attacks to XML parsers","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/107844","name":"107844","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Eclipse Kura Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-10244","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10244","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"10244","vulnerable":"1","versionEndIncluding":"4.0.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"eclipse","cpe5":"kura","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@eclipse.org","ID":"CVE-2019-10244","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Eclipse Kura","version":{"version_data":[{"version_affected":"<=","version_value":"4.0.0"}]}}]},"vendor_name":"The Eclipse Foundation"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser initialisation."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-611: Improper Restriction of XML External Entity Reference ('XXE')"}]}]},"references":{"reference_data":[{"name":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=545835","refsource":"CONFIRM","url":"https://bugs.eclipse.org/bugs/show_bug.cgi?id=545835"},{"refsource":"BID","name":"107844","url":"http://www.securityfocus.com/bid/107844"}]}},"nvd":{"publishedDate":"2019-04-09 16:29:00","lastModifiedDate":"2019-10-09 23:44:00","problem_types":["CWE-611"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:eclipse:kura:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"10244","Ordinal":"148462","Title":"CVE-2019-10244","CVE":"CVE-2019-10244","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"10244","Ordinal":"1","NoteData":"In Eclipse Kura versions up to 4.0.0, the Web UI package and component services, the Artemis simple Mqtt component and the emulator position service (not part of the device distribution) could potentially be target of XXE attack due to an improper factory and parser initialisation.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"10244","Ordinal":"2","NoteData":"2019-04-09","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"10244","Ordinal":"3","NoteData":"2019-04-10","Type":"Other","Title":"Modified"}]}}}