XML External Entity Vulnerability in IBM Forms Experience Builder
CVE-2016-0369

2.7LOW

Key Information:

Vendor
IBM
Vendor
CVE Published:
21 February 2018

Summary

An XML external entity (XXE) vulnerability was identified in IBM Forms Experience Builder versions 8.5, 8.5.1, and 8.6. This vulnerability enables remote authenticated users to exploit crafted XML data, potentially leading to the unauthorized exposure of sensitive information. Proper validation and sanitization of XML input are crucial to mitigate this risk and protect users' data integrity.

References

CVSS V3.1

Score:
2.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.