Denial of Service Vulnerability in IBM Mashup Center
CVE-2015-7400

7.7HIGH

Key Information:

Vendor

IBM
Status
Mashups Center
Vendor
CVE Published:
2 January 2016

What is CVE-2015-7400?

The Lotus Mashups component in IBM Mashup Center 3.0.0.1 is susceptible to an XML External Entity (XXE) issue. This vulnerability enables remote authenticated users to exploit XML external entity declarations, potentially leading to significant CPU consumption and a denial of service condition. Proper handling and validation of XML data are essential to mitigate the impact of this vulnerability. Organizations using affected versions should prioritize updates and follow best practices for XML parsing.

References

http://www.securitytracker.com/id/1035319
vdb-entryx_refsource_SECTRACK
http://www-01.ibm.com/support/docview.wss?uid=swg1IT12268
vendor-advisoryx_refsource_AIXAPAR
http://www.securityfocus.com/bid/77986
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.