XML External Entity Injection Vulnerability in IBM FileNet Content Manager
CVE-2018-1844

7.1HIGH

Key Information:

Vendor: IBM
Status: Filenet Content Manager
Vendor: CVE Published:; 12 October 2018

Summary

The IBM FileNet Content Manager versions 5.2.1 and 5.5.0 are susceptible to an XML External Entity (XXE) Injection vulnerability. This weakness arises when the system processes XML data, allowing a remote attacker to exploit the flaw. If exploited, it can lead to the exposure of sensitive information or the unauthorized consumption of server memory resources, compromising the integrity and confidentiality of the affected systems. It is crucial for organizations using these versions to implement appropriate security measures to mitigate the risk associated with this vulnerability.

Affected Version(s)

FileNet Content Manager 5.2.1

FileNet Content Manager 5.5.0

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/150904

vdb-entryx_refsource_XF

https://www.ibm.com/support/docview.wss?uid=ibm10732755

x_refsource_CONFIRM

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 12, 2018
Vulnerability Reserved
Dec 13, 2017