PatchSiren

CVE-2017-6055 Eparaksts CVE debrief

CVE-2017-6055 describes an XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13. According to the CVE description, a crafted .edoc file could let an attacker read arbitrary files and possibly cause other unspecified impact. NVD rates the issue as high severity (CVSS 3.0: 7.8) and maps it to CWE-611.

Vendor: Eparaksts
Product: CVE-2017-6055
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-17
Original CVE updated: 2026-05-13
Advisory published: 2017-02-17
Advisory updated: 2026-05-13

Who should care

Organizations using eParakstitajs 3 or eParaksts Java lib, especially any deployment that accepts or processes .edoc files, should treat this as a priority update issue.

Technical summary

The weakness is an XXE condition (CWE-611) in XML handling. The affected versions listed in the CVE are eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13. The reported effect is exposure of arbitrary files, with possible additional unspecified impact. NVD’s CVSS vector is CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Defensive priority

High. The combination of file disclosure potential, a high CVSS score, and a clear fixed-version threshold makes this a strong patch-and-verify item for any affected installation.

Recommended defensive actions

  • Upgrade eParakstitajs 3 to version 1.3.9 or later.
  • Upgrade eParaksts Java lib to version 2.5.13 or later.
  • Review any workflow that imports or processes .edoc files and confirm it cannot accept untrusted content without XML external entity protections.
  • Validate that XML parsers used by dependent components have external entity resolution disabled where appropriate.
  • Check deployment inventories for the affected product names and version ranges before and after remediation.

Evidence notes

Supported by the CVE description and NVD metadata in the supplied corpus. The CVE description states XXE exposure via crafted .edoc files and the affected version ceilings. NVD provides CWE-611, the CVSS 3.0 vector, and the vulnerable CPE range for eparakstitajs_3 through 1.3.8. Vendor and third-party references are listed in the NVD record, but no additional claims are made here beyond the supplied source text.

Official resources

Published 2017-02-17; NVD record later modified 2026-05-13. This debrief follows the CVE publication date for issue timing.