XML External Entity Injection Vulnerability in IBM Marketing Platform
CVE-2018-1424

7.1HIGH

Key Information:

Vendor

IBM
Status
Marketing Platform
Vendor
CVE Published:
7 December 2018

What is CVE-2018-1424?

IBM Marketing Platform versions 9.1.0, 9.1.2, and 10.1 are susceptible to an XML External Entity Injection (XXE) vulnerability which can be exploited by attackers when the platform processes XML data. An attacker can leverage this vulnerability to access sensitive information or exhaust system memory, potentially compromising the integrity and availability of the service. For more details, refer to the IBM X-Force ID: 139029.

Affected Version(s)

Marketing Platform 9.1.2

Marketing Platform 9.1.0

Marketing Platform 10.1

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/139029
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/106201
vdb-entryx_refsource_BID
http://www.ibm.com/support/docview.wss?uid=ibm10744217
x_refsource_CONFIRM

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.