XML External Entity Vulnerability in IBM Forms Experience Builder
CVE-2016-0369

2.7LOW

Key Information:

Vendor: IBM
Status: Forms Experience Builder
Vendor: CVE Published:; 21 February 2018

Summary

An XML external entity (XXE) vulnerability was identified in IBM Forms Experience Builder versions 8.5, 8.5.1, and 8.6. This vulnerability enables remote authenticated users to exploit crafted XML data, potentially leading to the unauthorized exposure of sensitive information. Proper validation and sanitization of XML input are crucial to mitigate this risk and protect users' data integrity.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/112088

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21988727

x_refsource_CONFIRM

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 21, 2018
Vulnerability Reserved
Dec 8, 2015