XML External Entity Injection Vulnerability in IBM Daeja ViewONE Professional
CVE-2018-1835

7.1HIGH

Key Information:

Vendor: IBM
Status: Daeja Viewone
Vendor: CVE Published:; 2 November 2018

Summary

IBM Daeja ViewONE versions Professional, Standard, and Virtual 5 are susceptible to an XML External Entity Injection (XXE) attack. This vulnerability allows a remote attacker to manipulate the processing of XML data, potentially leading to the exposure of sensitive information or excessive consumption of system memory resources. This highlights the importance of implementing secure coding practices and validating XML data to prevent such security risks. For further details, you can review IBM's official documentation and the X-Force vulnerability database entry.

Affected Version(s)

Daeja ViewONE 5

References

http://www.ibm.com/support/docview.wss?uid=ibm10733815

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/150514

vdb-entryx_refsource_XF

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 2, 2018
Vulnerability Reserved
Dec 13, 2017