CVE-2018-1801

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Integration Bus; Websphere Message Broker; App Connect
Vendor: CVE Published:; 4 February 2019

Summary

IBM App Connect V11.0.0.0 through V11.0.0.1, IBM Integration Bus V10.0.0.0 through V10.0.0.13, IBM Integration Bus V9.0.0.0 through V9.0.0.10, and WebSphere Message Broker V8.0.0.0 through V8.0.0.9 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to consume memory resources. IBM X-Force ID: 149639.

Affected Version(s)

App Connect 11.0.0.0

App Connect 11.0.0.1

Integration Bus 9.0.0.0

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/149639

vdb-entryx_refsource_XF

http://www.ibm.com/support/docview.wss?uid=ibm10795780

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2019
Vulnerability Reserved
Dec 13, 2017