CVE-2016-4216
Moderate severity vulnerability that affects com.adobe.xmp:xmpcore
CVSS 3.1: 7.5 (HIGH)
EPSS: 0.68%
Description
XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
How to fix CVE-2016-4216
To remediate CVE-2016-4216, upgrade the affected package to a fixed version below.
- com.adobe.xmp:xmpcore: upgrade to 5.1.3 or later
Is CVE-2016-4216 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- com.adobe.xmp:xmpcore: from 0, < 5.1.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |