XML External Entity Injection Vulnerability in IBM Platform and Spectrum Symphony
CVE-2018-1702

7.1 HIGH

Key Information:

Vendor: IBM
CVE Published: 28 September 2018

Summary

Certain versions of IBM Platform Symphony and IBM Spectrum Symphony are vulnerable to XML External Entity Injection (XXE). The flaw is triggered when the software processes untrusted XML data, which allows malicious users to inject XML entities. When exploited, this vulnerability can lead to the unauthorized exposure of sensitive information or the depletion of system resources in the affected software versions.

Affected Version(s)

Platform Symphony 7.1.1

Platform Symphony 7.1

Spectrum Symphony 7.2.0.2

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
