XML External Entity Injection Vulnerability in IBM Content Management Solutions
CVE-2018-1542

7.1 HIGH

Key Information:

Vendor: IBM
CVE Published: 6 July 2018

Summary

IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine versions 5.2.1 and 5.5.0 are vulnerable to XML External Entity (XXE) injection when processing XML data. A remote attacker could exploit this weakness to expose sensitive information without authorization and to consume excessive system memory, potentially leading to denial of service.

Affected Version(s)

FileNet P8 Platform 5.2.1

FileNet P8 Platform 5.5.0

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
