XML External Entity Injection Vulnerability in IBM Platform and Spectrum Symphony
CVE-2018-1702
7.1 HIGH
Key Information:
- Vendor: IBM
- CVE Published: 28 September 2018
Summary
Certain versions of IBM Platform Symphony and IBM Spectrum Symphony are vulnerable to XML External Entity Injection (XXE). The issue arises when the software processes untrusted XML data, which allows malicious users to inject XML entities. Exploitation can lead to unauthorized exposure of sensitive information or depletion of system resources in the affected software versions.
Affected Version(s)
Platform Symphony 7.1.1
Platform Symphony 7.1
Spectrum Symphony 7.2.0.2
CVSS V3.1
- Score: 7.1
- Severity: HIGH
- Confidentiality: High
- Integrity: None
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved